xisto Community
ne0

MS Windows CSRSS Vulnerability


There's a vulnerability in MS Windows that may cause serious problems related to the module csrss.exe.

The vulnerable systems are listed below:

Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows Vista December CTP
Microsoft Windows Vista beta 2
Microsoft Windows Vista Beta 1
Microsoft Windows Vista Beta
Microsoft Windows Server 2003 Web Edition SP1 Beta 1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server


Microsoft Windows Csrss HardError Messages Multiple Vulnerabilities.
Microsoft Windows is prone to local denial-of-service and information-disclosure vulnerabilities because the operating system fails to handle certain API calls with unexpected parameters.

A local unprivileged attacker may exploit these issues by executing a malicious application.

Successful exploits will allow attackers to retrieve sensitive information or crash the operating system, denying further service to legitimate users. Reportedly, these issues may also be exploited to execute arbitrary code with SYSTEM-level privileges.


The only way to be secure against this vulnerability is not to download untrusted applications (viruses). If downloaded, they may cause serious problems like information disclosure, etc.
With this vulnerability a virus maker is able to code an exploit that may steal passwords from dial-ups, steal some information from cookies, or bank accounts, etc. Or a keylogger may be coded.


May I ask if the x64 versions are affected also? They don't seem to be on your version list :)
Hope not :)

bakr_2k5

Dude, it's M$... of course it's probably affected by x64 versions.

What I find funny is that this vulnerability has been around since Win2K and has spread into some builds of Vista! Who really believes that Vista is a complete re-write? :)

[N]F


What I find funny is that this vulnerability has been around since Win2K and has spread into some builds of Vista! Who really believes that Vista is a complete re-write?

Probably you are right.
But first of all let's analyze the source code of an exploit given at:

_downloads.securityfocus.com/vulnerabilities/exploits/21688.c_

In my opinion (I'm not good at coding), probably the kernel of Vista is similar to the kernel of previous versions of Windows (NT-based ones). I mean there may be similarity with ring0s between Windows versions. The only change in Vista versions of Windows from previous ones is related to user-level APIs, I think. As known, user API calls are directed to ntdll.dll (Native API, not documented). I think MS (or M$ :) ) did not change these ntdll functions (or some of them are changed). They probably changed the kernel32.dll, user32.dll, and especially gdi32.dll (because there are many changes in graphics in Vista) and of course maybe there are some other changes. And that's why, probably, Vista is also affected too.


The one big problem is that there aren't any patches for this issue.
So, it may become potentially dangerous.

Currently we are not aware of any vendor-supplied patches for these issues. Microsoft has acknowledged the problem with the Client Server Run-Time Subsystem. The vendor is currently investigating the problem to determine its scope and impact.

