Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (2121546) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-069.

Impact

Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx

Insight

The flaw is caused by a heap overflow error in the 'Windows Client/Server Runtime Subsystem (CSRSS)' which does not always allocate sufficient memory when handling specific user transactions.

Affected

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2.

References

http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
http://www.vupen.com/english/advisories/2010/2390

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1891

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Windows Search Script Execution Vulnerability (963093)
Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)
Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)

Take action and discover your vulnerabilities