Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS06-075: csrss local privilege escalation (CVE-2006-5585) SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-075: csrss local privilege escalation (CVE-2006-5585)
Microsoft has release bulletin MS06-075 which addresses a local privilege escalation vulnerability affecting Windows XP SP2 and Windows Server 2003 in the client/server run-time subsystem (csrss) which is a required component of Windows (in other words, it is always running on all Windows machines).  Note, Vista and Windows Server 2003 SP1 are claimed not to be affected at this time, as is Windows 2000 SP4.

We rate this one as important.  If someone can get access to the system via other means (cracked password, etc.) this vulnerability allows that person to elevate their privileges to become administrator by running a specially crafted executable.

References:
KB926255
CVE-2006-5585 (this link isn't live yet)
I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS Bethesda 2020

Jim

412 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!