Microsoft is looking into a potential vulnerability affecting Vista and other versions of Windows.
Researchers at security vendor Determina reported the vulnerability to Microsoft after a proof-of-concept exploit was posted to a Russian Web site on Dec. 15.
The flaw, which affects the method in which the Windows Client/Server Runtime Server Subsystem (CSRSS) processes certain types of error messages, could allow an authenticated user to execute malicious code and gain elevated privileges on the affected machine, according to Redwood Shores, Calif.-based Determina.
The Windows 2000 Service Pack 4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems are affected by the flaw, Determina said.
In a Thursday post on its Security Response Center Blog, Microsoft said it's closely monitoring developments around the proof of concept but indicated that attacks using the vulnerability have yet to materialize.
Danish security research firm Secunia didn't view the vulnerability as serious, giving it a threat rating of "less critical," or 2 on a 5-point scale. The French Security Incident Research Team (FrSIRT) had a similar view, calling it a "moderate risk," or 2 on a 4-point scale.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
