MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2790113) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-019.

Impact

Successful exploitation will allow attackers to gain escalated privileges and execute the code. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-019

Insight

The flaw is due to an error in the Client/Server Run-time Subsystem (CSRSS) when handling the reference counter for certain objects in memory and can be execute code with escalated privileges.

Affected

Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 R2 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/52162/
http://support.microsoft.com/kb/2790113
http://technet.microsoft.com/en-us/security/bulletin/ms13-019
http://www.securitytracker.com/id/1028127

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0076

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
Cumulative Security Update for Internet Explorer (937143)
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)

Take action and discover your vulnerabilities