Proof-of-concept exploit code for a privilege escalation vulnerability affecting all versions of Windows—including Vista—has been posted on a Russian hacker forum, forcing Microsoft to activate its emergency response process.

Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,” which is the main executable for the Microsoft Client/Server Runtime Server.

According to an alert cross-posted to security mailing lists, the vulnerability is caused by a memory corruption when certain strings are sent through the MessageBox API.

“The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems,” Reavey said in an entry posted late Dec. 21 on the MSRC blog.

<snip>

commented: Twit -4
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.