Microsoft has warned about the public release of hacking code that could allow someone to seize control of a Windows computer.
The software giant's security blog said the proof-of-concept code targets the Client-Server Runtime Subsystem (CSRSS), which performs functions such as launching and closing applications.
It all current Windows system, including Vista, but doesn't appear to pose a great risk as it requires an attacker to have network access before they can use the code.
With the right access, however, a user could launch malicious code within the CSRSS that elevates their privileges all the way up to administrator, warned Thomas Kristensen, chief technology officer for Secunia. Since someone would already have to be logged onto a machine or have gained access to the network some other way, Secunia has nonetheless rated the hole "less critical".
The flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said. "It's still a significant vulnerability which administrators should pay a whole lot of attention to," he said.
Microsoft said it has not heard of attacks using the vulnerability, although it was investigating the impact. The affected systems are Windows 2000 SP4, Windows Server SP1, Windows XP SP2 and Vista.
Find your next job with techworld jobs