We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft acknowledges vulnerability in Vista

Proof-of-concept code affects four Windows OSes

A vulnerability that affects four of Microsoft's operating systems, including Vista, doesn't appear to pose a great risk, according to one security vendor.

Microsoft's security blog said proof-of-concept code has been publicly released that targets the Client-Server Runtime Subsystem (CSRSS), which performs functions such as launching and closing applications.

A user could launch malicious code within the CSRSS that would elevate their privileges on a computer, such as going from an ordinary user to an administrator, said Thomas Kristensen, chief technology officer for Secunia AsP in Denmark.

To execute the attack, however, a user would already have to be logged onto a machine or have gained access to the network some other way, Kristensen said. Because of this, Secunia rated the vulnerability as "less critical," he said.

Still, the flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said.

"It's still a significant vulnerability which administrators should pay a whole lot of attention to," he said.

Microsoft said it has not heard of attacks using the vulnerability, although it was investigating the impact. The affected systems are Windows 2000 SP4, Windows Server SP1, Windows XP SP2 and Vista, Microsoft said.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Apple TV setup advice: Apple TV hacks to help you create the ultimate Apple TV hub in your home