 |  |  |  |  |  |  |  |
Vista Exploit Surfaces on Russian Hacker Site
 |
Proof-of-concept exploit code for a privilege escalation vulnerability affecting all versions of Windows—including Vista—has been posted on a Russian hacker forum, forcing Microsoft to activate its emergency response process.
Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,” which is the main executable for the Microsoft Client/Server Runtime Server.
According to an alert cross-posted to security mailing lists, the vulnerability is caused by a memory corruption when certain strings are sent through the MessageBox API.
“The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,” Reavey said in an entry posted late Dec. 21 on the MSRC blog.
Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,” which is the main executable for the Microsoft Client/Server Runtime Server.
According to an alert cross-posted to security mailing lists, the vulnerability is caused by a memory corruption when certain strings are sent through the MessageBox API.
“The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,” Reavey said in an entry posted late Dec. 21 on the MSRC blog.
Last edited by happygeek; Jan 11th, 2007 at 12:17 pm. Reason: URL snipped - keep it on-site please
|
Similar Threads
- Mute Button (Windows Software)
- Mirror/Copy Internal HD to ex HD (IT Professionals' Lounge)
- Firefox Hackers Discovered. (Web Browsers)
- Whoa, look what I stumbled upon! (Community Introductions)
- Hi all something different (Website Reviews)
- Virus Programming (Assembly)
- IE works on aol, but the "real" IE does not load (Web Browsers)
- another d.s.o. exploit... ONE site unreachable ? (Viruses, Spyware and other Nasties)
Other Threads in the Windows Vista and Windows 7 Forum
- Previous Thread: Windows isn't all bad
- Next Thread: Q&A with Microsoft about Windows Vista
| Thread Tools | Search this Thread |
Latest Windows Vista and Windows 7 Posts
Related Forum Features
Tag cloud for Windows Vista and Windows 7
.net 7 32bit acquisitions advertising android apple azure ballmer beta billgates blackberry blog centro cloudcomputing code computer computing desktop development downloads drm economy error failure free freeze freezes.hangs gartner google government hp ie8 intel internetexplorer ip iphone itunes killswitch licenses licensing linux mac merger microsoft midori mobile mode mojave monopolies nap newbie news operating operatingsystem operatingsystems opinion os osx patch patents pc pirate recycle research russia security seinfeld server smcwpci-n software sp1 sp2 sp3 spyware steve steveballmer survey system touchscreen ubuntu unix upgrade virtual virtualization virus vista volume win7 windows windows7 windowsmobile windowsserver windowsvista windowsxp wpa2 wpf xenocode xp yahoo
