
Microsoft Closely Monitors New Vista Vulnerability

Microsoft has acknowledged that it is aware of a new zero-day vulnerability. In a posting on its security blog on December 23, 2006, the company announced that the exploit's 'proof of concept' code is valid.

The security blog said that the company has publicly released the 'proof of concept' that attacks the Client Server Runtime Subsystem (CSRSS). The CSRSS launches and closes applications as one of its functions.

Mike Reavey, operations manager of the Microsoft Security Response Center, has given assurance that the company is keeping an adequate watch on what is being posted by the public. The posting appeared for the first time on December 15, 2006 in a Russian-language forum. It affects "csrss.exe", which is the primary executable for the Microsoft CSRSS.

In Reavey's words, apart from discussing the vacation, the reason for his writing on the blog is that they are monitoring the developments linked to the public posting of the "proof of concept" code. The code targets a component in the CSRSS.

The code affects all existing Windows systems (including Vista); however, it is apparently not highly dangerous, because an attacker needs access to a network before applying the code.

With the appropriate access, an attacker could plant malicious code in the CSRSS, thereby assigning himself privileges to the extent of an administrator, cautioned Thomas Kristensen, CTO, Secunia. Since the execution of the code requires somebody to be already using a computer or to have acquired access to a network, Secunia has labeled the flaw as "less critical".

Reavey added that the findings are preliminary and that Microsoft has engaged its emergency response team, which includes experts from different fields, to examine the issue deeply and assess the full range and potential of its impact on Microsoft's customers. The firm has, however, not detected any public attack using this exploit code.

The technique involved in the attack and the manner of its exploitation show the absence of real protection for end users. Therefore, the only protection is to have adequate patches and up-to-date malware, spyware, and virus scanning software.


» SPAMfighter News - 28-12-2006
