Vulnerability Note VU#219848

Microsoft Windows Vista CSRSS privilege escalation vulnerability

Overview

The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code.

I. Description

The Microsoft Client/Server Run-time Subsystem (CSRSS) is an essential subsystem. CSRSS is responsible for console windows and creating and deleting threads.

According to Microsoft Security Bulletin MS07-021:

    A privilege elevation vulnerability exists in the way that the Windows 32 Client/Server Run-time Subsystem (CSRSS) handles its connections during the startup and stopping of processes.

II. Impact

A local authenticated attacker may be able to gain elevated privileges.

III. Solution

Apply update from Microsoft

Microsoft has released an update for this vulnerability in Microsoft Security Bulletin MS07-021.
Thanks to Microsoft for information that was used in this report. Microsoft credits eEye for reporting this vulnerability. This document was written by Ryan Giobbi.
If you have feedback, comments, or additional information about this vulnerability, please send us email.