Windows CSRSS vulnerability could allow escalation of privilege
Report ID: MS201112011
Date Published: 14 December 2011
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Summary
An escalation of privilege vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) could allow execution of arbitrary code in the context of another process.
Detailed Description
Microsoft has released a security update to address a vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability was caused by improper permission validation when a device event message is passed from a lower-integrity process to a higher-integrity process.
In order to exploit this vulnerability, the attacker must first log in to the local system and then run an application that sends a device event message. Upon successful exploit, the attacker could run code in the context of another process, which might run with administrator privileges.
The security update addresses this vulnerability by modifying the way CSRSS evaluates the permissions of inter-process device event messages. Users are advised to install this update to protect against potential exploits.
CVE Reference
CVE-2011-3408
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-097
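As an added example that is not part of this advisory, the following PowerShell script checks whether a host belongs to one of the affected product families listed above and whether the MS11-097 update is installed. The KB article number for the update is not stated on this page, so the script takes it as a parameter with a clearly marked placeholder default.

```powershell
# Added example (not from the advisory): report whether this host is in the
# affected product list for MS11-097 and whether the update is present.
# The KB id is NOT given on the page; replace the placeholder with the KB
# article id published in the MS11-097 bulletin before use.
param(
    [string]$KbId = 'KB0000000'   # PLACEHOLDER: KB article id for MS11-097
)

# NT version prefixes for the products named in the advisory
$affectedVersions = @{
    '5.1' = 'Windows XP'
    '5.2' = 'Windows Server 2003'
    '6.0' = 'Windows Vista / Windows Server 2008'
    '6.1' = 'Windows 7 / Windows Server 2008 R2'
}

# Get-WmiObject is used because it exists on the older PowerShell versions
# shipped for these operating systems
$os = Get-WmiObject -Class Win32_OperatingSystem
$majorMinor = ($os.Version -split '\.')[0..1] -join '.'

if (-not $affectedVersions.ContainsKey($majorMinor)) {
    Write-Output "Not affected: $($os.Caption) ($($os.Version)) is not in the MS11-097 product list."
    return
}

Write-Output "Affected product family: $($affectedVersions[$majorMinor]) ($($os.Caption))"

# Get-HotFix reads Win32_QuickFixEngineering; no entry means the update is absent
$fix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
if ($fix) {
    Write-Output "Patched: $KbId installed on $($fix.InstalledOn)."
} else {
    Write-Output "UNPATCHED: $KbId not found; install the MS11-097 update (CVE-2011-3408)."
}
```

Run it as an administrator on each host; a local user account is all an attacker needs, so every affected machine in the list, not only domain controllers or servers, should report Patched.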