MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2790113) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-019.

Impact

Successful exploitation will allow attackers to gain escalated privileges and execute the code. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-019

Insight

The flaw is due to an error in the Client/Server Run-time Subsystem (CSRSS) when handling the reference counter for certain objects in memory and can be execute code with escalated privileges.

Affected

Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 R2 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/52162/
http://support.microsoft.com/kb/2790113
http://technet.microsoft.com/en-us/security/bulletin/ms13-019
http://www.securitytracker.com/id/1028127

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0076

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)

Take action and discover your vulnerabilities