A proof-of-concept privilege-escalation exploit for Vista (it actually works against Windows 2000 and XP as well) has been posted on a Russian-language site, as reported by eWeek.

Mike Reavey, operations manager of the Microsoft Security Response Center, confirmed that the company is “closely monitoring” the public posting, which first appeared on a Russian language forum on Dec. 15. It affects “csrss.exe,” which is the main executable for the Microsoft Client/Server Runtime Server.

More interesting is the other quote later on in the article, describing the economics working against Microsoft these days…

The Microsoft confirmation comes hard on the heels of a claim by anti-virus vendor Trend Micro that underground hackers are selling zero-day exploits for Windows Vista at $50,000 a pop.

Yikes. Can’t you hear the discussions now? My enterprise pays X million dollars a year to license our operating systems, but the security/usability/safety/stability of our whole operation can be bought for under $50K?