CVE-2013-0076

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2008 R2 and R2 SP1 Microsoft Windows 7 Gold and SP1

Description The issue arises from the improper handling of objects in memory by the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows. This allows local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory, enabling an attacker to run arbitrary code in the context of the local system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Server 2008 R2 and R2 SP1, apply the necessary patch to fix the improper handling of objects in memory by the CSRSS. For Microsoft Windows 7 Gold and SP1, apply the necessary patch to fix the improper handling of objects in memory by the CSRSS. As a temporary workaround, consider restricting access to the CSRSS to minimize the risk of exploitation.