Sihan Qing

Researcher at Beijing University
#50310 of 53,638
4.7 total CVSS
Vulnerabilities · 1
PT-2011-2027
4.7
2011-02-08
Microsoft · Windows XP · CVE-2011-0030
**Name of the Vulnerable Software and Affected Versions**

- Microsoft Windows XP versions SP2 through SP3
- Microsoft Windows Server 2003 version SP2

**Description**

An issue exists in the way the Windows Client/Server Run-time Subsystem (CSRSS) terminates a process when a user logs off, allowing local users to obtain sensitive information or gain privileges via a crafted application. This could enable an attacker to monitor the actions of a subsequent user, potentially disclosing sensitive information or accessing data that was accessible to the logged-on user, including logon credentials. If a user with administrative privileges logs on, the attacker could run arbitrary code in kernel mode.

**Recommendations**

For Microsoft Windows XP versions SP2 through SP3, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 version SP2, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to sensitive data and limiting user privileges to minimize the risk of exploitation.