Friday, December 22, 2006

MSRC Reports New Windows Vulnerability

First and foremost, although the Microsoft Security Response Center (MSRC) is reporting that they are monitoring developments with regard to a public posting of PoC (proof of concept) code, they have also indicated that they have not observed any public exploitation or attack activity. Here is the report:
. . . we are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem. The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system.

Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft’s customers. Currently we have not observed any public exploitation or attack activity regarding this issue.

While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software. {emphasis added}
