Windows CSRSS vulnerability could allow escalation of privilege
Report ID: MS201112011
Date Published: 14 December 2011
Compromise Type: privilege-escalation
Compromise From: local-system
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
An escalation of privilege vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) could allow execution of arbitrary code in the context of another process.
Microsoft has released a security update to address a vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability was caused by improper validation of permission when communicating a device event message from a lower-integrity process to a higher-integrity process.
In order to exploit this vulnerability, the attacker must first log in to the local system and then run an application that sends a device event message. Upon successful exploit, the attacker could run code in the context of another process, which might run with administrator privileges.
This vulnerability has been patched in the security update by modifying the way CSRSS evaluates inter-process device event message permissions. Users are recommended to install this update as a protection against potential exploits.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-097)