x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

MS07-021

Threat LevelLow threatDamageHighDistributionNot widespread
Common name:MS07-021
Technical name:MS07-021
Threat level:Medium
Alias:Vulnerabilities in CSRSS, Vulnerabilidades en CSRSS
Type:Vulnerability
Effects:  

It is a group of vulnerabilities in the Client/Server Run-time Subsystem (CSRSS) on Windows Vista/2003/XP/2000 computers, which allows hackers to execute remote code, perform a local privilege escalation and denial of service attack in the vulnerable computer.

Affected platforms:

Windows 2003/XP/2000

First detected on:April 11, 2007
Detection updated on:April 11, 2007
StatisticsNo

Brief Description 

    

MS07-021 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in the Client/Server Run-time Subsystem (CSRSS) on Windows Vista/2003/XP/2000 computers, which allows to execute remote code, perform a local privilege escalation and denial of service attack in the vulnerable computer.

The addressed vulnerabilities are:

  • MsgbBox (CSRSS) Remote Code Execution vulnerability, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.
  • CSRSS Local Elevation of Privilege vulnerability, which allows hackers to gain unauthorized privileges on a computer or network.
  • CSRSS DoS vulnerability. This is a denial of service vulnerability, which could cause the affected system to stop responding.

In order to exploit MS07-021, the attacking user must be able to log on locally on the vulnerable system, and then run a specially crafted program.

 

If you have a Windows Vista/2003/XP/2000 computer, it is recommended to download and apply the security patch for these vulnerabilities. Access the web page for downloading the patch.