Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (2121546) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-069.

Impact

Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx

Insight

The flaw is caused by a heap overflow error in the 'Windows Client/Server Runtime Subsystem (CSRSS)' which does not always allocate sufficient memory when handling specific user transactions.

Affected

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2.

References

http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
http://www.vupen.com/english/advisories/2010/2390

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1891

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Visio Information Disclosure Vulnerability (2834692)
Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
Microsoft IIS Malformed File Extension Denial of Service Vulnerability
Microsoft Office Security Feature Bypass Vulnerability (2961033)
Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)

Take action and discover your vulnerabilities