Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Local Privilege Elevation Vulnerability
Last Update Date:
28 Jan 2011
Release Date:
10 Feb 2010
5227
Views
RISK: Medium Risk
An elevation of privilege vulnerability exists because the Windows Client/Server Run-time Subsystem (CSRSS) does not properly terminate user processes when a user logs out. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Elevation of Privilege
System / Technologies affected
- Windows Server 2000
- Windows XP
- Windows Server 2003
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
Vulnerability Identifier
Source
Related Link
Share with