Vigil@nce: Windows 2000, 2003, XP, privileges elevation via CSRSS
February 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can start a process that keeps running after the
attacker logs out, and that captures data from the next users who
connect to the system.
Severity: 2/4
Consequences: administrator access/rights, privileged
access/rights, user access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 10/02/2010
IMPACTED PRODUCTS
– Microsoft Windows 2000
– Microsoft Windows 2003
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
The CSRSS (Windows Client/Server Run-time Subsystem) manages user
threads and processes.
When a user logs out, CSRSS should terminate that user's processes.
However, this is not the case.
A local attacker can therefore start a process that keeps running
after the attacker logs out, and that captures data from the next
users who connect to the system.
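A defender can look for the condition described above by correlating
process-tracking audit events with logoff events. The following is an
added example, not part of the original bulletin: it assumes process
tracking auditing is enabled and that Security-log records have been
exported into simplified dictionaries (the records, field names and
image names below are constructed).

```python
# Constructed sample records, modeled on Security-log audit events of the
# affected Windows versions: 528 logon, 592 process created,
# 593 process exited, 551 user-initiated logoff. Fields are simplified.
SAMPLE_EVENTS = [
    {"time": 1, "id": 528, "logon_id": "0x1A2B3", "user": "alice"},
    {"time": 2, "id": 592, "logon_id": "0x1A2B3", "pid": 1200, "image": "explorer.exe"},
    {"time": 3, "id": 592, "logon_id": "0x1A2B3", "pid": 1344, "image": "collector.exe"},
    {"time": 4, "id": 593, "logon_id": "0x1A2B3", "pid": 1200},
    {"time": 5, "id": 551, "logon_id": "0x1A2B3", "user": "alice"},
    {"time": 6, "id": 528, "logon_id": "0x2C4D5", "user": "bob"},
    {"time": 7, "id": 592, "logon_id": "0x2C4D5", "pid": 1500, "image": "explorer.exe"},
]

LOGON, PROC_START, PROC_EXIT = 528, 592, 593
LOGOFF = {538, 551}  # session logoff / user-initiated logoff


def find_survivors(events):
    """Return processes with no exit event whose logon session logged off."""
    running = {}     # (logon_id, pid) -> process-creation event
    users = {}       # logon_id -> user name
    logged_off = {}  # logon_id -> time of first logoff event
    for ev in sorted(events, key=lambda e: e["time"]):
        lid = ev["logon_id"]
        if ev["id"] == LOGON:
            users[lid] = ev["user"]
        elif ev["id"] == PROC_START:
            running[(lid, ev["pid"])] = ev
        elif ev["id"] == PROC_EXIT:
            # An exit recorded after logoff also clears the process.
            running.pop((lid, ev["pid"]), None)
        elif ev["id"] in LOGOFF:
            logged_off.setdefault(lid, ev["time"])
    return [
        {"user": users.get(lid, "?"), "pid": pid,
         "image": ev["image"], "logoff_time": logged_off[lid]}
        for (lid, pid), ev in sorted(running.items())
        if lid in logged_off
    ]


if __name__ == "__main__":
    for hit in find_survivors(SAMPLE_EVENTS):
        print(hit)
```

Processes in sessions that are still logged on (bob's in the sample)
are not reported; only a process tied to a logged-off session with no
recorded exit is flagged.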
CHARACTERISTICS
Identifiers: 978037, CVE-2010-0023, MS10-011, VIGILANCE-VUL-9435
http://vigilance.fr/vulnerability/Windows-2000-2003-XP-privileges-elevation-via-CSRSS-9435