MORE ENTRIES
- It's the applications, stupid
- Will a whitelist save personal computing?
- Thousands of Web sites under attack
- To solve the unsolvable problem
- Re-thinking the security of virtual machines
- Security Development Lifecycle trumps code complexity
- Is your Web site FIPS compliant?
- Computer security: Why have least privilege?
- Strategic security: Get a handle on authentication
- Control user installs of software
Security Adviser | Roger A. Grimes »
Low threat Vista exploit
RATE THIS ARTICLE:
December 21, 2006 | Comments: (0)
Low threat Vista exploit
Several people are reporting a local exploit that can leverage a regular or admin user to the System account.
The CSRSS process is exploitable in Windows 2000 and above. You can read the report here.
And no, this doesn't make me take back my statement that Windows Vista is a secure OS. Privileged escalation exploits that need a logged on local user to begin with aren't much of a threat. There are many ways to accomplish the same thing.
Posted by Roger Grimes on December 21, 2006 05:19 PM
RATE THIS ARTICLE:
-
- COMMENTS
TOP STORIES
HP buys EDS for $13.9 billionCorporate software spending slows
MS targets smartphone market
SOA Software buys LogicLibrary
Phishers scamming IRS rebates
Sun to clarify JavaFX plan
MS' dev tool service packs
Developers' role shifting
MS: SP3 reboots OEMs' fault
Apple: iPhone out of stock
ADDITIONAL RESOURCES
- Application Security: Threats and How to Counter Them
- Why Linux Threats Mean Business
- Minding the Machines: PC Disaster Recovery for the Enterprise
- Protect Your Data with SSL
- Prevent Your Next Microsoft Exchange Outage
- 11 Myths About Microsoft Exchange Backup & Recovery
