The Microsoft Security Response Center (MSRC) is reporting that a new vulnerability has been confirmed which affects a handful of Windows operating systems: Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2, and Windows Vista. According to the blog (http://blogs.technet.com/msrc/archiv...rability.aspx), Microsoft has seen public proof of concept code that targets the Client Server Run-Time Subsystem. "Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system," the blog said.

Although the issue affects Windows Vista, the Microsoft Security Response Center still stresses its faith in the operating system. "While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date," the MSRC team member assured us.

Over the holidays, Microsoft is going to monitor the vulnerability closely, and if it becomes a major threat, will release the necessary documentation to provide customers with more in-depth information.

Source: http://arstechnica.com/journals/micr...006/12/21/6376