SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Client-Server Run-time Subsystem
Vendors:   Microsoft
Windows Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1025045
SecurityTracker URL:  http://securitytracker.com/id/1025045
CVE Reference:   CVE-2011-0030
Date:  Feb 9 2011
Impact:   Disclosure of authentication information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): XP SP3, 2003 SP2; and prior service packs
Description:   A vulnerability was reported in the Windows Client-Server Run-time Subsystem (CSRSS). A local user can obtain elevated privileges on the target system.

A local user can execute code to monitor the actions of a target user that subsequently logs into the system.

Sihan Qing (Professor), Weiping Wen (Associate Professor), Liang Yi and Husheng Zhou (Graduate students), Department of Information Security, Beijing University, reported this vulnerability.

Impact:   A local user can monitor the actions of a target user to obtain information, potentially including authentication credentials.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=CFA10178-9859-4E03-BEDC-E3F5297A0251

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=9F0B7B77-5B90-4A4B-97A4-0C1CE6A70126

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=AED08B96-24CC-4E23-8FD5-C7E52F8EF41A

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=CA7879E1-E295-445D-A658-0A31BE1928CC

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=50855101-A15C-4C81-AD81-A7FE3F1D2026

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-010.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-010.mspx
Cause:   Access control error

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC