Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (2121546) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-069.

Impact

Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx

Insight

The flaw is caused by a heap overflow error in the 'Windows Client/Server Runtime Subsystem (CSRSS)' which does not always allocate sufficient memory when handling specific user transactions.

Affected

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2.

References

http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
http://www.vupen.com/english/advisories/2010/2390

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1891

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Exchange 2000 Exhaust CPU Resources (Q320436)
Microsoft .NET Framework Security Bypass Vulnerability (2984625)
Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
Microsoft SharePoint Foundation Privilege Elevation Vulnerability (3000431)
Microsoft Visio Information Disclosure Vulnerability (2834692)

Take action and discover your vulnerabilities