Microsoft acknowledges vulnerability in Vista
Exploit code released on Client/Server Runtime Server Subsystem
IDG News Service - A vulnerability that affects four versions of Microsoft Corp.'s operating system, including Vista, doesn't appear to pose a great risk, according to one security vendor.
Microsoft's security blog said proof-of-concept code that targets the Client/Server Runtime Server Subsystem has been publicly released. The CSRSS performs functions such as launching and closing applications.
A user could launch malicious code within the CSRSS that would elevate his privileges on a computer, such as going from an ordinary user to an administrator, said Thomas Kristensen, chief technology officer at Secunia AsP in Denmark.
To execute the attack, however, a user would already have to be logged onto a machine or have gained access to the network some other way, Kristensen said. Because of this, Secunia rated the vulnerability as "less critical," he said.
Still, the flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said.
"It's still a significant vulnerability which administrators should pay a whole lot of attention to," he said.
Microsoft said it has not heard of any attacks using the vulnerability, but it is investigating the potential impact. The affected systems are Windows 2000 Service Pack 4, Windows Server SP1, Windows XP SP2 and Vista, Microsoft said.
- 2014 Gartner Magic Quadrant Report For the 7th year in a row, Riverbed is in the "Leaders" Quadrant of the 2014 Magic Quadrant for WAN Optimization Controllers. In...
- Improving Business Value of WAN Optimization Want to achieve faster ROI with WAN optimization? Read the latest IDC report and discover how you can cut IT costs without compromising...
- IDC ROI Infographic Trends such as evolving communication patterns, connection types, applications and bandwidth can have an impact on enterprise organizations. Learn how IT organizations can...
- Riverbed Optimization System: Technical Overview View now>>
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Why do you need an enterprise mobile platform? Today companies must offer great apps that run on a range of devices, and connect to an exploding set of backend data. Appcelerator... All Applications White Papers | Webcasts