

Vulnerability protection

Windows CSRSS vulnerability could allow escalation of privilege


Report ID: MS201201003
Date Published: 11 January 2012

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008




Summary

A vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS) could allow an attacker to execute code in the security context of a local system.



Detailed Description

Microsoft has issued an update to patch a vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS) that is triggered when CSRSS processes a sequence of specially crafted Unicode characters. The vulnerability poses a significant risk to systems that are configured with a Chinese, Japanese or Korean system locale. To exploit it, an attacker must first log on to the system and then run a specially crafted application that takes advantage of the vulnerable condition.

The vulnerability has been fixed in the latest update, which changes the way that CSRSS processes Unicode characters. As a protective measure, users are advised to install the latest update on their systems.



CVE Reference

CVE-2012-0005



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-003
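
To prioritise patching, the following added example (not part of the original advisory or of Microsoft's guidance) checks a host against the conditions described above: an affected Windows version, a Chinese, Japanese or Korean system locale, and whether the update is present. The value of `$PatchKb` is a placeholder to be replaced with the KB number listed in the bulletin for the system in question, and the function names are hypothetical.

```powershell
# Added triage example; run locally on the host being assessed (PowerShell 2.0+).
# ASSUMPTION: $PatchKb is a placeholder. Replace it with the KB number that
# bulletin MS12-003 lists for this operating system.
$PatchKb = 'KB0000000'

# Primary language IDs (low 10 bits of an LCID) for the locales the advisory names.
$CjkPrimaryLang = @{ 0x04 = 'Chinese'; 0x11 = 'Japanese'; 0x12 = 'Korean' }

function Get-SystemLocaleLcid {
    # The system locale is stored as a hex LCID string (for example "0411")
    # in the "Default" value of this registry key.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Nls\Language'
    $hex = (Get-ItemProperty -Path $key -Name Default).Default
    return [Convert]::ToInt32($hex, 16)
}

function Test-AffectedOsVersion {
    # NT 5.1 = Windows XP, 5.2 = Server 2003, 6.0 = Vista / Server 2008.
    $v = [Environment]::OSVersion.Version
    return (($v.Major -eq 5 -and $v.Minor -ge 1) -or
            ($v.Major -eq 6 -and $v.Minor -eq 0))
}

$lcid     = Get-SystemLocaleLcid
$primary  = $lcid -band 0x3FF            # strip the sublanguage bits
$cjkName  = $CjkPrimaryLang[$primary]    # $null when the locale is not CJK
$affected = Test-AffectedOsVersion

# Get-HotFix may not list every installed update; confirm a "missing" result
# against the update history before acting on it.
$patched = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

# Every affected version needs the update; a CJK system locale raises priority.
if (-not $affected)  { $priority = 'Not in the affected product list' }
elseif ($patched)    { $priority = 'Patched' }
elseif ($cjkName)    { $priority = 'High: unpatched with CJK system locale' }
else                 { $priority = 'Normal: unpatched' }

New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    OsVersion    = [Environment]::OSVersion.Version.ToString()
    SystemLocale = ('0x{0:X4}' -f $lcid)
    CjkLocale    = $cjkName
    PatchFound   = $patched
    Priority     = $priority
}
```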



