Microsoft investigates Windows Vista flaw

By Bill Brenner, Senior News Writer 22 Dec 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Mike Reavey of the Microsoft Security Response Center (MSRC) said in a blog posting early Friday that the center is "closely monitoring" developments surrounding a public posting of proof-of-concept (PoC) code targeting an issue with the Windows Client/Server Runtime Server Subsystem (CSRSS).

"The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems," Reavey said. "Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system."

Redwood City, Calif.-based security vendor Determina said in an advisory that the problem is in how CSRSS processes HardError messages. "This vulnerability allows a logged-on user to execute arbitrary code in the CSRSS.EXE process and elevate their privileges to SYSTEM level," Determina said, adding that the flaw was first disclosed Dec. 15.

Security researchers concluded that the vulnerability is primarily a danger in the hands of a malicious insider and is not remotely exploitable. For that reason, Danish vulnerability clearinghouse Secunia rated the flaw less critical, while the French Security Incident Response Team (FrSIRT) rated it a moderate risk.

FrSIRT said the specific Windows versions affected by the flaw are:

• Vista Home
• Vista Business
• Vista Enterprise
• Windows 2000 Service Pack 4
• Windows XP Service Pack 2
• Windows XP Service Pack 1
• Windows Server 2003 Service Pack 1

To mitigate the threat, Secunia recommended that IT shops only grant network access to trusted users.

Reavey said Vista users shouldn't be discouraged by the flaw. "While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date," he said.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary