DOCUMENT:Q243405 TITLE :Device Drivers Create their Corresponding DeviceObject with FILE_DEVICE_SECURE_OPEN DeviceCharacteristics PRODUCT :Windows NT PROD/VER:4.0 OPER/SYS:WINDOWS NT KEYWORD :kbbug4.00 kbfix4.00 ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 - Microsoft Windows NT Server, Enterprise Edition version 4.0 - Microsoft Windows NT Workstation version 4.0 ------------------------------------------------------------------------------- SYMPTOMS ======== When you open a device object in a program under the following conditions, it is possible to obtain greater access to that object than the designated permissions allow: - The device object has already been opened and you specify a relative file name of zero length to open a handle within that object. - The path specified to the device includes an additional trailing backslash name or character, and the device does not accommodate a parse routine. This behavior particularly affects the following files in relation to I/O Manager: - Floppy.sys (Floppy Driver in C:\winnt\system32\drivers\) - Netdetect.sys (Network Card Detection driver Driver in C:\winnt\system32\drivers\) - Parport.sys (Parallel Port Driver in C:\winnt\system32\drivers\) - Null.sys (NULL Driver in C:\winnt\system32\drivers\) - Beep.sys (BEEP Driver in C:\winnt\system32\drivers\) - Scsiport.sys (SCSI Port Driver in C:\winnt\system32\drivers\) - Tcpip.sys (TCP/IP driver in C:\winnt\system32\drivers\) CAUSE ===== It is the responsibility of a device driver of the corresponding device that creates or opens a logical DeviceObject in the operating system name space with IoCreateDevice() to represent the device. Detail of IoCreateDevice() can be found on MSDN at http://msdn.microsoft.com/library/ddkdoc/ntddk/native/ddk/kr/src/k104_22.htm. On Windows NT 4.0 Service Pack 6a and earlier, the seven aforementioned device drivers do not call IoCreateDevice() with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. The seven that are included in the C2 Update call IoCreateDevice() with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. The Windows NT IO manager that services IoCreateDevice() performs the necessary access check and audits the event if a relative file name of zero length is specified or an additional trailing backslash name or character is included in the path to the device. NOTE: Other device drivers shipped with Windows NT 4.0 Service Pack 6a have been tested for making the IoCreateDevice() call with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. RESOLUTION ========== The following files are available for download from the Microsoft Download Center or Microsoft's FTP site. Click the file names below to download the appropriate file: English: x86: Microsoft Download Center: Q244599i.exe (http://download.microsoft.com/download/winntsp/Patch/SP6a_C2/NT4/EN-US/Q244599i.exe) FTP: Q244599i.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postsp6a/c2-fix/Q244599i.exe) Alpha: Microsoft Download Center: Q244599a.exe (http://download.microsoft.com/download/winntsp/Patch/SP6a_C2/ALPHA/EN-US/Q244599a.exe) FTP: Q244599a.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postsp6a/c2-fix/Q244599a.exe) French: x86: FTP: Q244599i.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/frn/nt40/hotfixes-postsp6a/c2-fix/Q244599i.exe) Alpha: FTP: Q244599a.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/frn/nt40/hotfixes-postsp6a/c2-fix/Q244599a.exe) Spanish: x86: FTP: Q244599i.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/spa/nt40/hotfixes-postsp6a/c2-fix/Q244599i.exe) Alpha: FTP: Q244599a.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/spa/nt40/hotfixes-postsp6a/c2-fix/Q244599a.exe) For more information about how to download files from the Microsoft Download Center, please visit the Download Center at the following Web address http://www.microsoft.com/downloads/search.asp and then click "How to use the Microsoft Download Center". STATUS ====== Microsoft has confirmed this to be a problem in Windows NT 4.0. Additional query words: c2 security_patch ============================================================================ THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.