Microsoft itself has found a new vulnerability in Windows that not only affects XP but Vista as well.
Mike Reavey, writing in the Microsoft Security Response Center blog, says that the team are “closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem”.
This proof of concept allows for “local elevation of privilege” on Windows 2000 SP4, Server 2003 SP1, XP SP1 and SP2, and Vista.
However, the threat may not be as great as suggested, as the attacker must already have authenticated access to the system.
Reavey cautions that these are preliminary findings, and the company is researching it further; there has been no known public exploitation so far.
Eager to ensure Vista doesn’t get a bad name before it’s even launched, Reavey writes, “While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date”.