New Windows CSRSS unpatched vulnerability
This new vulnerability is rated as low-risk can only be exploited by local users.
Microsoft Windows Client Server Run-Time Subsystem Memory Disclosure Vulnerability
QUOTE: A Microsoft Windows vulnerability can be exploited by malicious local users to gain knowledge of sensitive information. The problem is that CSRSS.exe does not properly validate arguments passed via NtRaiseHardError and can be exploited to view the contents of CSRSS process memory. The vulnerability is confirmed on a fully-patched Windows XP SP2 system and reportedly affects Windows 2000 SP4 as well. Other versions may also be affected.
Solution: Allow only trusted users access to the system