Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is caused due to a memory allocation error in the Client/Server Runtime Subsystem (CSRSS) when handling certain user transactions. This can be exploited to corrupt memory and execute arbitrary code with escalated privileges.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• CVE ID: 2010-1891 (see also: NVD)
• Microsoft Knowledge Base Article: 2121546
• Secunia Advisory ID: 41420
• SCIP VulDB ID: 4185
• Bugtraq ID: 43121
• Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx
• News Article: http://www.theregister.co.uk/2010/09/10/ms_patch_tuesday_pre_alert/
• Microsoft Security Bulletin: MS10-069

• IBM Japan - IBM Japan