Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Microsoft Closely Monitors New Vista Vulnerability

Microsoft is aware and acknowledges that it has new zero-day vulnerability. The company has announced on December 23, 2006 in Microsoft's security blog posting that the exploit's 'proof of concept' code is valid.

The security blog said that the company has publicly released the 'proof of concept' that attacks the Client Server Runtime Subsystem (CSRSS). The CSRSS launches and closes applications as one of its functions.

Mike Reavey, operations manager of the Microsoft Security Response Center, has assured that the company is keeping an adequate watch on what it is being posted by public. The posting appeared for the first time on December 15, 2006 in a Russian language forum. It affects "csrss.exe", which is the primary executable for the Microsoft CSRSS.

In Reavey's words, apart from discussing the vacation, the reason for his writing on the blog is that they are monitoring the developments linked to public posting of the "proof of concept" code. The code targets a component in the CSRSS.

The code makes an impact on all existing Windows system, (including Vista), however, apparently, it's not highly dangerous. This is because it needs an attacker to access to a network prior to applying the code.

With the appropriate access, an attacker could plant malicious code in the CSRSS, thereby assigning himself privileges to the extent that of an administrator, cautioned Thomas Kristensen, CTO, Secunia. Since the execution of the code requires somebody to be already using a computer or have acquired access to a network, Secunia has labeled the flaw as "less critical".
Reavey added that the findings are preliminary and Microsoft has enforced its emergency response team, which includes experts from different fields examining the issue deeply to assess the full range and potential of its impact on Microsoft's customers. The firm has, however, not detected any public attack due to this exploit code.

The technique involved in the attack and the manner of its exploitation shows the absence of a real protection for end users. Therefore, the only protection is to have adequate patches and up-to-date malware, spyware, and virus scanning software.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

ยป SPAMfighter News - 12/28/2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page