Microsoft Knowledge Base Email Alertz

(841086) - The security update MS04-011 introduces stubs for new privileges for Windows 2000 SP3 and Windows XP SP1. These could lead to strange behavior of some applications.

Microsoft Knowledge Base Article

This article's content is Microsoft copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

Article ID: 841086 - Last Review: October 26, 2006 - Revision: 1.3

Introduction of new functions may cause calls to AdjustTokenPrivileges and LookupPrivilegeDisplayName not to work


SYMPTOMS

After you apply the MS04-011 security update on your Windows XP computer, programs that impersonate users and act on their behalf may log errors, or you may receive error messages. A program vendor who analyzes the errors may discover that the SeImpersonatePrivilege privilege or the SeCreateGlobalPrivilege privilege is present on the computer, and that some API calls that use this privilege work (such as LookupPrivilegeValue) while others do not (such as LookupPrivilegeDisplayName).

LookupPrivilegeDisplayName does not work and returns error 1313, ERROR_NO_SUCH_PRIVILEGE, "A specified privilege does not exist." Therefore, you cannot administer the privilege through the Local Group Policy Tool.

Because adding these privileges changes the SE_MAX_WELL_KNOWN_PRIVILEGE count, other problems may occur. For example, a call to the AdjustTokenPrivileges API function does not work, and you receive an error 87 (ERROR_INVALID_PARAMETER) error message, when more than SE_MAX_WELL_KNOWN_PRIVILEGE privileges are passed in the NewState->PrivilegeCount parameter. This behavior may occur in programs that are compiled with an SDK version that has the definitions for the two new privileges.

CAUSE

The privileges were added in recent Windows XP hotfixes to resolve upgrade problems from Windows 2000 Professional Service Pack 4 computers that support this function. The security hotfix MS04-011 is missing dependent files that Windows must have to support these privileges.

Note: The new privileges are not enforced until you have Windows XP Service Pack 2 installed. They help prevent compatibility problems.

RESOLUTION

Windows 2000 Service Pack 4 includes full support for these privileges.

WORKAROUND

If you do not want to retrieve the friendly names of the privileges, ignore the error message. The privilege will work correctly, but you cannot obtain the friendly name for it.

To resolve the problem with AdjustTokenPrivileges, do not pass the SID_AND_ATTRIBUTES entry that belongs to SeImpersonatePrivilege and SeCreateGlobalPrivilege with the NewState parameter to the API.

If you cannot do this, install the KB839210 hotfix. It contains the dependent files required to make the privileges work.

For additional information about the KB839210 hotfix, click the following article number to view the article in the Microsoft Knowledge Base:
839210 (http://kbalertz.com/Feedback.aspx?kbNumber=839210/) "STOP 0x0000007B: INACCESSIBLE_BOOT_DEVICE" error message when you start a Windows Server 2003 computer from a Windows Preinstall Environment CD-ROM
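
The AdjustTokenPrivileges workaround described above, sketched as an added example (not code from the original article or from Microsoft): compact the NewState privilege array so that the entries for the two privileges are gone before the call is made. The helper names `strip_privileges` and `demo_filtered_count` are hypothetical, the non-Windows typedefs are stand-ins, and the LUID values in the demo are constructed samples; on a real system the two LUIDs to skip come from LookupPrivilegeValue, which the article says still works.

```c
/* Added example: drop selected privileges from a NewState array before
 * it is handed to AdjustTokenPrivileges. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Stand-in types (assumption) so the filter also builds off Windows. */
typedef unsigned int DWORD;
typedef struct { DWORD LowPart; int HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
#endif

static int luid_equal(const LUID *a, const LUID *b)
{
    return a->LowPart == b->LowPart && a->HighPart == b->HighPart;
}

/* Compacts privs[0..count) in place, removing every entry whose LUID is in
 * skip[0..nskip). Returns the new entry count, which the caller stores in
 * NewState->PrivilegeCount before calling AdjustTokenPrivileges. */
DWORD strip_privileges(LUID_AND_ATTRIBUTES *privs, DWORD count,
                       const LUID *skip, size_t nskip)
{
    DWORD kept = 0;
    for (DWORD i = 0; i < count; i++) {
        int drop = 0;
        for (size_t j = 0; j < nskip && !drop; j++)
            drop = luid_equal(&privs[i].Luid, &skip[j]);
        if (!drop)
            privs[kept++] = privs[i];   /* order of survivors is preserved */
    }
    return kept;
}

/* Constructed demo: LUIDs 29 and 30 are sample stand-ins for the values
 * LookupPrivilegeValue would return for SeImpersonatePrivilege and
 * SeCreateGlobalPrivilege; attribute 2 is SE_PRIVILEGE_ENABLED. */
DWORD demo_filtered_count(void)
{
    const LUID skip[2] = { {29, 0}, {30, 0} };
    LUID_AND_ATTRIBUTES state[4] = {
        { {20, 0}, 2 }, { {29, 0}, 2 }, { {23, 0}, 2 }, { {30, 0}, 2 }
    };
    return strip_privileges(state, 4, skip, 2);
}
```

Only `PrivilegeCount` entries are read by the API, so the stale slots left at the end of the array after compaction are harmless.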

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows 2000 Service Pack 3
  • Microsoft Windows 2000 Advanced Server
Keywords: kbtshoot kbbug kbnofix kbprb KB841086
