Zero-day Windows flaw goes public

Powered by SC Magazine
 

Affecting all versions back to XP.

A zero-day privilege escalation flaw has hit Windows that could allow hackers to bypass user account control security found in Vista and Windows 7.

The flaw was posted briefly on a programming education site and could allow even limited user accounts to execute code in kernel mode, although researchers have found the vulnerability exploited on its own would not allow remote code execution.

“This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem,” said Prevx’s Marco Giuliani in a blog.

A vulnerable API in Windows could be manipulated by having its input changed to cause an overflow in the kernel, he noted. This would then allow arbitrary code to run in kernel mode.

“A malicious attacker is able to redirect the overwritten return address to his malicious code and execute it with kernel mode privileges,” Giuliani said.

All versions of Windows XP, Vista and 7, in both 32 and 64 bit, are vulnerable to this attack, but no attacks have been seen in the wild as yet, he added.

Sophos senior security advisor Chester Wisniewski had a more positive outlook for users.

“The good news? For this to be exploited, malicious code that uses the exploit needs to be introduced,” Wisniewski added in his own blog.

“This means your email, web and anti-virus filters can prevent malicious payloads from being downloaded.”

Microsoft had not responded to our request for comment at the time of publication.

Earlier this month Microsoft confirmed another zero-day flaw had hit Internet Explorer, affecting all versions of the browser.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Zero-day Windows flaw goes public
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 897

Vote