Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (2121546) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-069.

Impact

Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx

Insight

The flaw is caused by a heap overflow error in the 'Windows Client/Server Runtime Subsystem (CSRSS)' which does not always allocate sufficient memory when handling specific user transactions.

Affected

Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2.

References

http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
http://www.vupen.com/english/advisories/2010/2390

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1891
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
Microsoft Lync Server Remote Denial of Service Vulnerability (2990928)
Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability (2821818)

Take action and discover your vulnerabilities