Zero-day Windows flaw goes public

Powered by SC Magazine
 

Affecting all versions back to XP.

A zero-day privilege escalation flaw has hit Windows that could allow hackers to bypass user account control security found in Vista and Windows 7.

The flaw was posted briefly on a programming education site and could allow even limited user accounts to execute code in kernel mode, although researchers have found the vulnerability exploited on its own would not allow remote code execution.

“This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem,” said Prevx’s Marco Giuliani in a blog.

A vulnerable API in Windows could be manipulated by having its input changed to cause an overflow in the kernel, he noted. This would then allow arbitrary code to run in kernel mode.

“A malicious attacker is able to redirect the overwritten return address to his malicious code and execute it with kernel mode privileges,” Giuliani said.

All versions of Windows XP, Vista and 7, in both 32 and 64 bit, are vulnerable to this attack, but no attacks have been seen in the wild as yet, he added.

Sophos senior security advisor Chester Wisniewski had a more positive outlook for users.

“The good news? For this to be exploited, malicious code that uses the exploit needs to be introduced,” Wisniewski added in his own blog.

“This means your email, web and anti-virus filters can prevent malicious payloads from being downloaded.”

Microsoft had not responded to our request for comment at the time of publication.

Earlier this month Microsoft confirmed another zero-day flaw had hit Internet Explorer, affecting all versions of the browser.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Zero-day Windows flaw goes public
 
 
 
Top Stories
CIO exits as Coles steps up offshoring
Updated: Engages Accenture in Manila; staff to learn of their fate today.
 
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 797

Vote