Update Protection against Microsoft Windows CSRSS LPC_PORT_CLOSED Information Disclosure Vulnerability (MS11-010)
| Check Point Reference: | CPAI-2011-080 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS11-010 | |
| Industry Reference(s): | CVE-2011-0030 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP2 (Itanium) | ||
| Vulnerability Description An elevation of privilege vulnerability has been reported in the way that the Windows Client/Server Run-time Subsystem (CSRSS) terminates a process when a user logs off. The Client/Server Run-time Subsystem (CSRSS) is the user-mode portion of the Win32 subsystem. CSRSS is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, and creating and/or deleting threads. An attacker who successfully exploited this vulnerability could run code designed to monitor the actions of a user who subsequently logged on to the system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS11-010 |
|
|
Vulnerability Details The vulnerability is due to the way that the Windows CSRSS processes LPC_PORT_CLOSED from user processes. This would allow malicious processes to stay running when the user has logged out of the system. A local attacker can exploit this issue to keep the process running while logged out, potentially allowing information disclosure. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense,go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.