The CSRSS Bug and Vista

[Symantec]

The CSRSS Bug and Vista
<p>With the <a href="http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html">public advisory</a> by Determina about a double-free bug in a CSRSS message function, the immediate question was: does it really affect Vista? The short answer is "yes, but not reliably." Arbitrary code execution is possible, but requires a great deal of luck, though a denial-of-service is definitely possible. The long answer is described by Matthew Conover <a href="http://atr.corp.symantec.com/index.php?option=com_content&task=view&id=352&Item id=51">here</a>.</p>

<p>Why the fuss? Simply put, successful exploitation of the bug allows even the most restricted user-mode application to elevate its privileges to the System level. From there, the kernel is accessible even on Vista. Even without entering the kernel, System-level privileges allow almost complete control of the system, so the possibilities are limited only by the imagination.</p>

<p>Of course, that the bug isn't reliable on Vista doesn't mean that everyone can relax. The bug does affect earlier versions of Windows, where arbitrary code execution is far easier to achieve. Is it likely to be exploited? Oh yes. Not such a happy New Year.<br />
</p>
http://www.symantec.com/enterprise/security_response/weblog/2007/01/the_csrss_bug_and_vista.html
http://www.symantec.com/enterprise/security_response/weblog/2007/01/the_csrss_bug_and_vista.html
Fri, 05 Jan 2007 06:45:00 -0800