Microsoft investigated the vulnerability in Windows Vista

Prior to feedback from security circles, Microsoft has investigated a vulnerability allegedly appearing in Windows Vista and some other Windows versions.

The vulnerability was reported by Microsoft security firm Determina to Microsoft when a "proof-of-concept" (*) exploit was published on a Russian website on December 15.

The vulnerability arises from how to handle certain types of Windows Client / Server Runtime Server Subsystem (CSRSS) error messages, which can allow users to identify malicious code and hijack the system. affected.

According to Determina's warning, the vulnerability could affect operating systems: Windows 2000 Service Pack 4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and even Windows Vista.

In a statement released over the weekend, Microsoft said the company is closely monitoring the flaw, but also said it has yet to detect any attacks that take advantage of the gap in CSRSS.

Meanwhile, security firm Secunia only classified the vulnerability as "less dangerous" (level 2/5), at the same level as the rating of the French Security Research Group (FrSIRT) - April 2.

(*) " proof-of-concept ": A type of exploit code that authenticates the ability to execute an attack on a security error in the system or application .