Windows Vista bug for the holidays

Just as most people prepared for the holidays (and yours truly was on his way out of the country to be with family), Microsoft reported that it was looking into a new Windows security issue that also affects Windows Vista.

A security vulnerability exists in the Client Server Run-Time Subsystem in Windows 2000, Windows Server 2003, Windows XP and Windows Vista, the Microsoft Security Response Center reported on its blog late on December 21.

The bug doesn't appear to be critical. Sample attack code that exploits the vulnerability allows only for privilege escalation, not remote code execution, according to the blog post. Furthermore, an attacker needs to already have access to a system to be able to exploit the problem, Microsoft said.

"Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system," wrote Mike Reavey, a Microsoft security staffer.

Microsoft has not provided an update on the issue since before Christmas. The MSRC blog posting is still the latest information, a company spokesman said Tuesday.

At the time, the company said that it was not aware of any cyberattacks that exploit the flaw.

Reavey also noted that while the vulnerability impacts Vista, he still has "every confidence that Windows Vista is our most secure platform to date." No surprise there, I say.
