Monitoring Windows Console Activity (Part 1)

Introduction While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP such as the command prompt, PowerShell, and sometimes custom command and control C2 console tools...

PT-2011-3509 · Microsoft · Windows Server 2003 +5

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1 Description: T...

CVE-2010-1891

CVE-2010-1891 affects the Windows Client/Server Runtime Subsystem (CSRSS) in the Win32 subsystem on Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability stems from improper memory allocation for transactions when Chinese, Japanese, or Korean locales are enabled, allowing local users ...

CVE-1999-0723

The Windows NT Client Server Runtime Subsystem CSRSS can be subjected to a denial of service when all worker threads are waiting for user input...