Microsoft has said that it is investigating a vulnerability in the Windows Kernel-mode drivers that affects all operating systems, but is not releasing a security advisory.
The company initially acknowledged the flaw last week, with a message on Twitter saying that it was "investigating a publicly reported vulnerability in Win32k.sys", but was not aware of any attacks against this issue.
Jerry Bryant, senior security communications manager at Microsoft, later claimed that it was not aware of any attacks that try to use the reported vulnerability or of any customer impact at this time.
He said: “While most in the industry reported this as a low-severity vulnerability, it generated quite a bit of attention, and as always, we started our investigation as soon as we became aware of the issue.
“We have not yet reported on this issue because it's important we're thorough in our investigations, and there were a couple of possible vectors that we wanted to validate (or invalidate as the case may be) before we commented or defined a course of action.
“As a result, we are now able to report that this is a local elevation of privilege vulnerability only. This type of issue allows attackers to gain system-level privileges after they have already obtained an account on the target system. For this issue to be exploited, an attacker must have valid logon credentials on the target system and be able to logon locally, or must already have code running on the target system. The vulnerability cannot be exploited remotely, or by anonymous users.”
He claimed that there are no plans to release a security advisory for this issue, but it will be included in a future security update.
“We will continue monitoring the threat landscape and alert customers if anything changes,” he said.
Security firm Secunia classified the flaw as 'less critical' and said a solution was to only grant access to trusted users.
Alan Bentley, SVP international at Lumension, said: “The vulnerability involves a heap overflow which is more difficult to take advantage of than a traditional buffer overflow. However, if executed, it can reportedly afford escalation of privilege, denial-of-service or potentially execute arbitrary code with kernel privileges.”
See original article on scmagazineus.com
Microsoft classifies Win32k.sys vulnerability as a low grade threat
No plans for an out-of-band patch.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Partner Content
ElasticON Sydney 2025: Deriving value from your data with Search AI
Partner Content
What Embracing the AI Platform Shift Really Means
.png&h=140&w=231&c=1&s=0)
Partner Content
AI and quantum computing widen the machine identity security gap
Promoted Content
AI in cybersecurity: weapon or shield?
Sponsored Whitepapers
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
