Microsoft acknowledges vulnerability in Vista
Exploit code released on Client/Server Runtime Server Subsystem
IDG News Service - A vulnerability that affects four versions of Microsoft Corp.'s operating system, including Vista, doesn't appear to pose a great risk, according to one security vendor.
Microsoft's security blog said proof-of-concept code that targets the Client/Server Runtime Server Subsystem has been publicly released. The CSRSS performs functions such as launching and closing applications.
A user could launch malicious code within the CSRSS that would elevate his privileges on a computer, such as going from an ordinary user to an administrator, said Thomas Kristensen, chief technology officer at Secunia AsP in Denmark.
To execute the attack, however, a user would already have to be logged onto a machine or have gained access to the network some other way, Kristensen said. Because of this, Secunia rated the vulnerability as "less critical," he said.
Still, the flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said.
"It's still a significant vulnerability which administrators should pay a whole lot of attention to," he said.
Microsoft said it has not heard of any attacks using the vulnerability, but it is investigating the potential impact. The affected systems are Windows 2000 Service Pack 4, Windows Server SP1, Windows XP SP2 and Vista, Microsoft said.
- How Four Citrix Customers Solved the Enterprise Mobility Challenge Managing mobile devices, data and all types of apps-Windows, datacenter, web and native mobile- through a single solution.
- 8 Steps to Fill the Mobile Enterprise Application Gap Traveling executives and Millennials alike expect to communicate, collaborate and access their important work applications and data from anywhere on whatever device they...
- Seattle Children's Accelerates Citrix Login Times by 500% with Cross-Tier Insight Seattle Children's is a leading research hospital with a large and growing Citrix XenDesktop deployment. With ExtraHop, the IT team at Seattle Children's...
- McKesson Makes Application Hosting for Hospitals Faster, More Efficient With ExtraHop, McKesson identified the root cause of slow Citrix XenApp application launches and adopted a more intelligent, proactive IT operations model that...
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Applications White Papers | Webcasts