ne0
Posted December 30, 2006

There's a vulnerability in MS Windows that may cause serious problems related to the module csrss.exe. Listed below are the vulnerable systems:

Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows Vista December CTP
Microsoft Windows Vista beta 2
Microsoft Windows Vista Beta 1
Microsoft Windows Vista Beta
Microsoft Windows Server 2003 Web Edition SP1 Beta 1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

Microsoft Windows Csrss HardError Messages Multiple Vulnerabilities.

Microsoft Windows is prone to local denial-of-service and information-disclosure vulnerabilities because the operating system fails to handle certain API calls with unexpected parameters. A local unprivileged attacker may exploit these issues by executing a malicious application. Successful exploits will allow attackers to retrieve sensitive information or crash the operating system, denying further service to legitimate users. Reportedly, these issues may also be exploited to execute arbitrary code with SYSTEM-level privileges.

The only way to be secure against this vulnerability is not to download untrusted applications (viruses). If downloaded, they may cause serious problems like information disclosure, etc. With this vulnerability a virus maker is able to code an exploit that may steal passwords from dial-ups, steal some information from cookies, or bank accounts, etc. Or a keylogger may be coded.

bakr_2k5
Posted December 31, 2006

May I ask if the x64 versions are affected also? They don't seem to be on your version list :)

Hope not :)

bakr_2k5

nightfox1405241487
Posted December 31, 2006

> May I ask if the x64 versions are affected also? They don't seem to be on your version list
> Hope not
> bakr_2k5

Dude, it's M$... of course it's probably affected by x64 versions.

What I find funny is that this vulnerability has been around since Win2K and has spread into some builds of Vista! Who really believes that Vista is a complete re-write?

[N]F

ne0
Posted December 31, 2006

> What I find funny is that this vulnerability has been around since Win2K and has spread into some builds of Vista! Who really believes that Vista is a complete re-write?

Probably you are right. But first of all let's analyze the source code of an exploit given at: _downloads.securityfocus.com/vulnerabilities/exploits/21688.c_

In my opinion (I'm not good at coding), probably the kernel of Vista is similar to the kernel of previous versions of Windows (NT-based ones). I mean there may be similarity with ring0s between Windows versions. The only change in Vista versions of Windows from previous ones is related to user-level APIs, I think. As is known, user API calls are directed to ntdll.dll (Native API, not documented). I think MS (or M$) did not change these ntdll functions (or some of them are changed). They probably changed kernel32.dll, user32.dll, and especially gdi32.dll (because there are many changes in graphics in Vista), and of course maybe there are some other changes. And that's why, probably, Vista is affected too.

ne0
Posted December 31, 2006

The one big problem is that there aren't any patches for this issue. So, it may become potentially dangerous.

Currently we are not aware of any vendor-supplied patches for these issues. Microsoft has acknowledged the problem with the Client Server Run-Time Subsystem. The vendor is currently investigating the problem to determine its scope and impact.