MS11-010 MS11-010 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
Important2011-02-08 Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of these operating systems. For more information, see the subsection, Affected and Non-Affected Software, in this section. The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and starts a specially crafted application that continues running after the attacker logs off in order to obtain the logon credentials of subsequent users. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
Max CVSS
4.7
EPSS Score
0.05%
Published
2011-02-09
Updated
2018-10-12