Skip to main content

Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Local Privilege Elevation Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5227 Views

RISK: Medium Risk

An elevation of privilege vulnerability exists because the Windows Client/Server Run-time Subsystem (CSRSS) does not properly terminate user processes when a user logs out. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Impact

  • Elevation of Privilege

System / Technologies affected

  • Windows Server 2000
  • Windows XP
  • Windows Server 2003

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link