Windows CSRSS vulnerability could allow escalation of privilege
Report ID: MS201302011
Date Published: 22 February 2013
Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system
Affected Product/Component:
Windows 7
Windows Server 2008 R2
Summary
An escalation of privilege vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) could allow an attacker to run code in the context of the local system.
Detailed Description
Microsoft has released a security update to address a vulnerability in Windows Client/Server Runtime Subsystem (CSRSS) that was caused by improper handling of objects in memory. Upon successful exploitation of this vulnerability, an attacker could be able to execute code in the context of the local system.
The latest update has introduces a fix for this vulnerability by correcting the way that Windows CSRSS handles objects in memory. Users are recommended to install the latest update to protect their system.
CVE Reference
CVE-2013-0076
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-019)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
