PT-2011-2027 · Microsoft · Windows Xp +2

Husheng Zhou +3 · Published 2011-02-08 · Updated 2018-10-12 · CVE-2011-0030

CVSS v2.0: 4.7 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 version SP2

Description

An issue exists in the way the Windows Client/Server Run-time Subsystem (CSRSS) terminates a process when a user logs off, allowing local users to obtain sensitive information or gain privileges via a crafted application. This could enable an attacker to monitor the actions of a subsequent user, potentially disclosing sensitive information or accessing data that was accessible to the logged-on user, including logon credentials. If a user with administrative privileges logs on, the attacker could run arbitrary code in kernel mode.

Recommendations

For Microsoft Windows XP versions SP2 through SP3, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 version SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive data and limiting user privileges to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2011-0030

Affected Products

Windows
Windows Server 2003
Windows Xp