Privilege Elevation Vulnerability in Microsoft Windows Client/Server Runtime Subsystem
CVE-2010-0023

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Xp; Windows 2000
Vendor: CVE Published:; 10 February 2010

What is CVE-2010-0023?

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows platforms fails to terminate processes effectively after a user logs out. This flaw allows local users to exploit the system via specially crafted applications, enabling them to access sensitive information or escalate their privileges during transitions between users. The vulnerability affects multiple versions of Microsoft Windows, making it critical for users and administrators to promptly address it to safeguard against potential unauthorized access.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA10-040A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2010
Vulnerability Reserved
Dec 14, 2009