Microsoft confirms low-risk zero-day in Windows kernel

Microsoft has confirmed a privilege-escalation vulnerability in the Windows kernel, one day after a Google engineer posted details of the flaw to the Full Disclosure mailing list.

Jerry Bryant, senior security program manager at Microsoft, said in a blog post that the bug affects all supported versions of 32-bit Windows, while 64-bit versions, which includes Windows Servers 2008 R2, are not impacted.

In addition, the vulnerability is difficult to exploit, he said. As a result, Microsoft deems the risk to users to be low, and the software giant is not aware of any public attacks exploiting the flaw.

"To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said. "An attacker could then elevate their privileges to the administrative level and run programs of their choice on the system.

As users await a patch — Microsoft's next security update is due out February 9 — they can disable the NT Virtual DOS Mode (NTVDM) subsystem if they do not require NTVDM or support for 16-bit applications, he said.

Microsoft's disclosure of the zero-day vulnerability comes one day before Microsoft was set to release an emergency fix for a dangerous Internet Explorer hole that has been leveraged in the widely publicised Chinese espionage attacks on Google and other high-profile companies.

See original article on scmagazineus.com