|MS10-010||Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)||Microsoft Windows||Critical||10-02-2010|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Detailed Information on the risk:
An elevation of privilege vulnerability exists because the Windows Client/Server Run-time Subsystem (CSRSS) does not properly terminate user processes when a user logs out. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at : MS10-011
Affected SoftwareMicrosoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows XP Service Pack 2
Windows XP Service Pack 3