Windows Client Server Run-Time POC

Microsoft released a notice on their Microsoft Security Response Center Blog about a possible proof of concept affecting Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. Initial indications are that you already have to be authenticated.

Aside from discussing the holidays, the reason I am dropping in on the blog is that right now we are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem. The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft?s customers. Currently we have not observed any public exploitation or attack activity regarding this issue. While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software. Source: New report of a Windows vulnerability

They say no current exploitations or attacks have been seen yet.