Zero-day Windows flaw goes public

Powered by SC Magazine
 

Affecting all versions back to XP.

A zero-day privilege escalation flaw has hit Windows that could allow hackers to bypass user account control security found in Vista and Windows 7.

The flaw was posted briefly on a programming education site and could allow even limited user accounts to execute code in kernel mode, although researchers have found the vulnerability exploited on its own would not allow remote code execution.

“This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem,” said Prevx’s Marco Giuliani in a blog.

A vulnerable API in Windows could be manipulated by having its input changed to cause an overflow in the kernel, he noted. This would then allow arbitrary code to run in kernel mode.

“A malicious attacker is able to redirect the overwritten return address to his malicious code and execute it with kernel mode privileges,” Giuliani said.

All versions of Windows XP, Vista and 7, in both 32 and 64 bit, are vulnerable to this attack, but no attacks have been seen in the wild as yet, he added.

Sophos senior security advisor Chester Wisniewski had a more positive outlook for users.

“The good news? For this to be exploited, malicious code that uses the exploit needs to be introduced,” Wisniewski added in his own blog.

“This means your email, web and anti-virus filters can prevent malicious payloads from being downloaded.”

Microsoft had not responded to our request for comment at the time of publication.

Earlier this month Microsoft confirmed another zero-day flaw had hit Internet Explorer, affecting all versions of the browser.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Zero-day Windows flaw goes public
 
 
 
Top Stories
Inside the stalemate on Australia's piracy code
Still not registered almost five months on.
 
IT staff outline deep anger in Macquarie Uni survey
‘Morale at lowest point in a decade’.
 
Cost blowout to push NBN past $41bn budget
But government funding cap to remain.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
New Windows 10 users, are you upgrading from...




   |   View results
Windows 8
  48%
 
Windows 7
  44%
 
Windows XP
  4%
 
Another operating system
  2%
 
Windows Vista
  1%
TOTAL VOTES: 656

Vote