Microsoft has received and acknowledged that a new 0-Day exploit is public, and the proof-of-concept code announced for it is valid today on their Security Blog.
The proof-of-concept code targets the CSRSS (Client/Server Runtime Server Subsystem) the part of windows that launches and closes applications, the exploit affects all versions of Windows including the (un)released Windows Vista.
Tested on XP Service Pack 2 the proof-of-concept will cause the computer to crash resulting in a system lockup, system failure (Blue Screen of Death), or simple hard reboot.
Microsoft SRC said today “Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system. Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft’s customers.â€
This is good news for users, as a patch is coming. The potential for attack, rated less critical by Secunia is still problematic if the system is infected by rootkits, or applications designed to allow remote access to a PC. The method of attack, and the way this exploit works, means there is no real protection for end users, other than to ensure you are fully patched, and your malware, spyware, and virus scanning software is running and up to date.
Info Sourced from monstersandcritics.com
