Windows CSRSS vulnerability could allow escalation of privilege
Report ID: MS201302011
Date Published: 22 February 2013
Compromise Type: privilege-escalation
Compromise From: local-system
Windows Server 2008 R2
An escalation of privilege vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) could allow an attacker to run code in the context of the local system.
Microsoft has released a security update to address a vulnerability in Windows Client/Server Runtime Subsystem (CSRSS) that was caused by improper handling of objects in memory. Upon successful exploitation of this vulnerability, an attacker could be able to execute code in the context of the local system.
The latest update has introduces a fix for this vulnerability by correcting the way that Windows CSRSS handles objects in memory. Users are recommended to install the latest update to protect their system.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-019)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.