1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

Windows CSRSS vulnerability could allow escalation of privilege

Report ID: MS201112011
Date Published: 14 December 2011

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system

Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2


An escalation of privilege vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) could allow execution of arbitrary code in the context of another process.

Detailed Description

Microsoft has released a security update to address a vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability was caused by improper validation of permission when communicating a device event message from a lower-integrity process to a higher-integrity process.

In order to exploit this vulnerability, the attacker must first log in to the local system and then run an application that sends a device event message. Upon successful exploit, the attacker could run code in the context of another process, which might run with administrator privileges.

This vulnerability has been patched in the security update by modifying the way CSRSS evaluates inter-process device event message permissions. Users are recommended to install this update as a protection against potential exploits.

CVE Reference



Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-097)

Online Virus Scanner

Run a quick online virus scan of your computer.