Microsoft investigates Windows Vista flaw

Article

Microsoft investigates Windows Vista flaw

Bill Brenner, Senior News Writer
Microsoft is investigating reports of a new flaw in Windows Vista and other versions of the operating system. Local users could exploit it to boost their system privileges and run malicious commands on the network.

Mike Reavey of the Microsoft Security Response Center (MSRC) said in a blog posting

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

early Friday that the center is "closely monitoring" developments surrounding a public posting of proof-of-concept (PoC) code targeting an issue with the Windows Client/Server Runtime Server Subsystem (CSRSS).

"The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems," Reavey said. "Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system."

Redwood City, Calif.-based security vendor Determina said in an advisory that the problem is in how CSRSS processes HardError messages. "This vulnerability allows a logged-on user to execute arbitrary code in the CSRSS.EXE process and elevate their privileges to SYSTEM level," Determina said, adding that the flaw was first disclosed Dec. 15.

Security researchers concluded that the vulnerability is primarily a danger in the hands of a malicious insider and is not remotely exploitable. For that reason, Danish vulnerability clearinghouse Secunia rated the flaw less critical, while the French Security Incident Response Team (FrSIRT) rated it a moderate risk.

FrSIRT said the specific Windows versions affected by the flaw are:

  • Vista Home
  • Vista Business
  • Vista Enterprise
  • Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Service Pack 1
  • Windows Server 2003 Service Pack 1

To mitigate the threat, Secunia recommended that IT shops only grant network access to trusted users.

Reavey said Vista users shouldn't be discouraged by the flaw. "While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date," he said.