CVE-1999-0560 in Windows
Summary
by MITRE
A system-critical Windows NT file or directory has inappropriate permissions.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/18/2026
The vulnerability described in CVE-1999-0560 represents a critical access control flaw in Microsoft Windows NT operating systems where specific system files or directories are configured with overly permissive access controls. This issue stems from the default security configuration of Windows NT systems, where certain critical system components are granted permissions that allow unauthorized users to access, modify, or execute sensitive files and directories. The flaw creates a fundamental breach in the operating system's security model by failing to properly enforce the principle of least privilege. This vulnerability was particularly significant in the late 1990s when Windows NT was widely deployed in enterprise environments, as it could potentially allow local users or even remote attackers to gain elevated privileges or access sensitive system information.
The technical implementation of this vulnerability involves the improper configuration of discretionary access control lists (DACLs) associated with system-critical files and directories within the Windows NT file system. These improperly configured permissions often grant full control or at least write access to accounts that should not possess such privileges, including standard user accounts or guest accounts. The flaw typically manifests when system administrators or the operating system itself fail to properly restrict access to core system components such as registry hives, system binaries, or configuration files. This misconfiguration can be traced back to the default installation settings of Windows NT, where security considerations were not adequately prioritized during the initial system setup. The vulnerability directly maps to CWE-276, which describes inadequate privileges, permissions, and access controls, and aligns with ATT&CK technique T1068, which covers local privilege escalation through improper permissions.
The operational impact of CVE-1999-0560 is substantial and potentially catastrophic for affected systems, particularly in enterprise environments where Windows NT servers were commonly deployed. An attacker who successfully exploits this vulnerability can gain unauthorized access to critical system resources, potentially leading to complete system compromise. The exploitation typically involves either local access to a system with standard user privileges or network-based attacks that leverage the permissive permissions to escalate privileges. Once an attacker gains access to these system-critical files, they can modify system binaries, alter registry settings, or extract sensitive information that could be used for further attacks. The vulnerability essentially provides a backdoor into the system's core functionality, making it a prime target for attackers seeking to establish persistent access or conduct reconnaissance activities. Organizations running unpatched Windows NT systems were particularly vulnerable to this type of attack, as the default configuration created an environment where unauthorized access to critical system components was trivially achievable.
Mitigation strategies for this vulnerability focus on proper access control configuration and security hardening of Windows NT systems. System administrators should immediately review and correct the permissions on critical system files and directories to ensure that only authorized accounts have appropriate access levels. The recommended approach involves implementing the principle of least privilege by restricting access to system-critical components to only those accounts that require such access for legitimate system operations. Security patches and updates released by Microsoft should be applied immediately to address the underlying configuration issues that create these permissive permissions. Additionally, organizations should implement regular security audits to identify and correct similar access control misconfigurations throughout their Windows NT environments. The remediation process typically involves modifying DACLs for system files, ensuring that only administrators or specific system accounts have the necessary permissions, and implementing proper monitoring to detect unauthorized access attempts. This vulnerability highlights the importance of proper security configuration management and demonstrates how default settings can create significant security risks that require active management and monitoring.