A local exploit can leverage a regular or admin user to the System account. CSRSS process is exploitable in Windows 2000 and above. Privileged escalation exploits that need a logged on local user to begin with aren’t much of a threat. No, this doesn’t make me take back my statement that Windows Vista is a secure OS. There are many ways to accomplish the same thing. You can read the report from the security breach here: http://www.vulnerabilities.com/vulnerability-report/virus-report.”]
Source: https://www.csoonline.com/article/2641872/low-threat-vista-exploit.html