Microsoft acknowledges vulnerability in Vista
Exploit code released on Client/Server Runtime Server Subsystem
IDG News Service - A vulnerability that affects four versions of Microsoft Corp.'s operating system, including Vista, doesn't appear to pose a great risk, according to one security vendor.
Microsoft's security blog said proof-of-concept code that targets the Client/Server Runtime Server Subsystem has been publicly released. The CSRSS performs functions such as launching and closing applications.
A user could launch malicious code within the CSRSS that would elevate his privileges on a computer, such as going from an ordinary user to an administrator, said Thomas Kristensen, chief technology officer at Secunia AsP in Denmark.
To execute the attack, however, a user would already have to be logged onto a machine or have gained access to the network some other way, Kristensen said. Because of this, Secunia rated the vulnerability as "less critical," he said.
Still, the flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said.
"It's still a significant vulnerability which administrators should pay a whole lot of attention to," he said.
Microsoft said it has not heard of any attacks using the vulnerability, but it is investigating the potential impact. The affected systems are Windows 2000 Service Pack 4, Windows Server SP1, Windows XP SP2 and Vista, Microsoft said.
- Five Steps to Achieve Success in your Application Security Program This white paper provides a general framework your organization can use to create or build upon an application security program. It includes guidelines...
- Unlock the Value of Enterprise Mobility Download this guide and learn how to manage the secure deployment of enterprise mobile apps and data, while still encouraging the levels of...
- Rebranded Quadmark revamps its IT solutions with Google Apps Switching to Google Apps halved Quadmark's IT admin costs while achieving 10% time savings per employee. The global consulting firm now spends 80%...
- Manufacturing Outlook: Improving time to market, operational effectiveness and innovation in a highly competitive environment An enterprise project portfolio management solution can help manufacturers position themselves in the new competitive landscape.
- Live Webcast
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
- Video Stream Quality Impacts Viewer Behavior This scientific white paper, using statistical data from Amakai's streaming network, analyzes how changes in video quality cause changes in viewer behavior.
- Service-Enabling CICS Applications: Best Practices This informative webcast provides an informed, thorough look into CICS service-enablement options and how they can affect your environment. You'll learn how to... All Applications White Papers | Webcasts