Hardware Upgrade - www.hwupgrade.com Hardware Upgrade - www.hwupgrade.com
Channel
Home
Articles
News
Search
CPU
Video
Mobile
Memory
Software
Cases/Cooling
Internet
Trade Shows
Storage
Motherboard
Italian Version Italian Version
RSS

New Exploit Affects Windows Vista

12/24/2006 10:39:57 PM CST Gabriel Ikram
Category: CPU
 Printable Version
Add to del.icio.us

A new zero day vulnerability has been discovered that can potentially affect computers running four versions of Microsoft Windows. The proof of concept code targets an issue with the Client Server Run-Time Subsystem and could allow hackers to elevate privileges in Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2. The exploit also affects Windows Vista, which is what Microsoft believes to be their most secure operating system to date.

The code, which was first publicly released on this forum by a user named "NULL", affects the Client-Server Runtime Subsystem (CSRSS). The primary function of the CRSS is to launch and close applications.

Using the vulnerability, hackers can potentially raise their privileges on a Windows based PC, allowing them, for example, to go from guest to administrator.

Security vendors, however, are not viewing the exploit as critical because preliminary findings have shown that attackers would have to first gain access to the target PC in order to raise their privilege.

Although Microsoft has so far not heard of any public exploitation regarding the issue, they will still be treating it seriously. On the Microsoft Security Response Center (MSRC) blog, Mike Reavy, program manager with the MSRC, stated, “MSRC will be monitoring overall threat conditions for this and any other issue reported to us. If we do see anything that we believe puts Microsoft customers at risk, or significant new developments, we will update everyone through our standard mechanisms including this blog and if need be, an Advisory with additional details.”

Even though the exploit affects Microsoft’s newest Operating System, Windows Vista, Microsoft’s faith in the new operating system, which will be launched January 30, 2007, has not wavered. Reavy went on to say in his post, “While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software.”

Next News
Hackers Claim HD DVD Encryption Circumvented
Prev News
Wikipedia's Founder Announces Google Contender
Privacy  -  Advertise with us  -  About
Copyright 1997 - 2008 - Hardware Upgrade S.r.l. - V.A.T.: 02560740124