Vigil@nce - Windows: privilege elevation via CSRSS
December 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can send a message to a privileged process, in
order to gain its privileges.
Severity: 2/4
Creation date: 14/12/2011
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
The CSRSS (Client/Server Run-time Subsystem) manages
users’ consoles and processes.
The Csrsrv.dll library manages messages exchanged between
processes. However, it does not prevent a user process from sending a
Device Event message to a privileged process.
A local attacker can therefore send a message to a privileged
process, in order to gain its privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-CSRSS-11223