A vulnerability that affects four of Microsoft’s operating systems, including Vista, doesn’t appear to pose a great risk, according to one security vendor.Microsoft’s security blog said proof-of-concept code has been publicly released that targets the Client-Server Runtime Subsystem (CSRSS), which performs functions such as launching and closing applications.A user could launch malicious code within the CSRSS that would elevate one’s privileges on a computer, such as going from an ordinary user to an administrator, said Thomas Kristensen, chief technology officer for Secunia in Denmark.To execute the attack, however, a user would already have to be logged onto a machine or have gained access to the network some other way, Kristensen said. Because of this, Secunia rated the vulnerability as “less critical,” he said. Still, the flaw could potentially let an attacker place a rootkit on a machine and scrub any trace of tampering with the machine, Kristensen said.“It’s still a significant vulnerability which administrators should pay a whole lot of attention to,” he said. Microsoft said it has not heard of attacks using the vulnerability, although it was investigating the impact. The affected systems are Windows 2000 SP4, Windows Server SP1, Windows XP SP2 and Vista, Microsoft said. — Jeremy Kirk, IDG News Service (London Bureau)Related Link:Microsoft Windows Vista: The OS Has LandedCheck out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content feature 4 remedies to avoid cloud app migration headaches The compelling benefits of using proprietary cloud-native services come at a price: vendor lock-in. Here are ways CIOs can effectively plan without getting stuck. By Robert Mitchell Nov 29, 2023 9 mins CIO Managed Service Providers Managed IT Services case study Steps Gerresheimer takes to transform its IT CIO Zafer Nalbant explains what the medical packaging manufacturer does to modernize its IT through AI, automation, and hybrid cloud. By Jens Dose Nov 29, 2023 6 mins CIO SAP ServiceNow feature Per Scholas redefines IT hiring by diversifying the IT talent pipeline What started as a technology reclamation nonprofit has since transformed into a robust, tuition-free training program that seeks to redefine how companies fill tech skills gaps with rising talent. By Sarah K. White Nov 29, 2023 11 mins Diversity and Inclusion Hiring news Saudi Arabia will host the World Expo 2030 in Riyadh By Andrea Benito Nov 28, 2023 4 mins Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe