Microsoft Closely Monitors New Vista Vulnerability
Microsoft has acknowledged a new zero-day vulnerability. On December 23, 2006, the company announced in a posting on Microsoft's security blog that the exploit's 'proof of concept' code is valid.
The security blog said that the company has publicly released the 'proof of concept' that attacks the Client Server Runtime Subsystem (CSRSS). The CSRSS launches and closes applications as one of its functions.
According to Reavey, apart from discussing the vacation, his reason for writing on the blog is that they are monitoring developments linked to the public posting of the "proof of concept" code. The code targets a component in the CSRSS.
The code affects all existing Windows systems (including Vista); however, it is apparently not highly dangerous, because an attacker needs access to a network before applying the code.
With the appropriate access, an attacker could plant malicious code in the CSRSS, thereby assigning himself privileges up to those of an administrator, cautioned Thomas Kristensen, CTO, Secunia. Since executing the code requires somebody to be already using a computer or to have acquired access to a network, Secunia has labeled the flaw as "less critical".
The technique involved in the attack and the manner of its exploitation show the absence of real protection for end users. Therefore, the only protection is to have adequate patches and up-to-date malware, spyware, and virus scanning software.
» SPAMfighter News - 28-12-2006