(MS13-019) Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)

  Severity: HIGH
  CVE Identifier: CVE-2013-0076
  Advisory Date: FEB 13, 2013

  DESCRIPTION

This patch addresses a vulnerability found in Microsoft Windows, which could allow elevation of privilege once a remote attacker logs and runs a specially crafted application on the system. Note, however that remote attackers need to log on locally to be able to exploit this.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Windows 7 for 32-bit Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1