RSS Archive Contact Us Advertise

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Early Vista Bug Not A Reliable Threat
Search:
[ insider_reports_insider ]

Early Vista Bug Not A Reliable Threat



David Utter
Staff Writer
2007-01-08

SecurityProNews: Insider Reports Insider Reports RSS Feed


Although the debut of a threat affecting Windows component csrss.exe could impact the new Vista operating system, it does not appear to have a clear chance of doing so in every case.

Early Vista Bug Not A Reliable Threat
Early Vista Bug Not A Reliable Threat

Microsoft has been digging into the particulars behind some proof of concept code posted online. This code affects the Client Server Run-Time Subsystem, or csrss.exe, and could allow for local privilege elevation on several Windows platforms, including Vista.

"Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system," Microsoft noted on December 22, 2006, on its Security Response Center blog.

Security research firm Determina documented the debut of the proof of concept code. A Russian forum displayed it on December 15th; Determina notified Microsoft, who presumably have a patch in the works.

Symantec researcher Peter Ferrie followed up this disclosure by assessing the code's potential threat to Vista, Microsoft's newest operating system. Vista is set to debut in the consumer market this month, after being released to volume licensing clients in November 2006.

"The short answer is 'yes, but not reliably.' Arbitrary code execution is possible, but requires a great deal of luck, though a denial-of-service is definitely possible," Ferrie wrote in questioning the bug's impact.

Microsoft has touted Vista as its most secure operating system ever. It appears that on a completely unsecured Vista machine the bug could possibly result in privilege escalation, which could in turn lead to virtually complete control of the system.

Of course, Microsoft will gladly sell people protection against threats to its most secure operating system ever, only $49.95 per year for a subscription for up to 3 PCs to Windows OneCare.

---
Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Get all the updates -




About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2008 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds