Microsoft fights "evil" kernel bug

 

Gallery

By Stuart Turton

Posted on 11 Mar 2009 at 09:14

Microsoft's monthly patch Tuesday has brought fixes for eight vulnerabilities in Windows, including one rated critical.

The critical vulnerability is the result of "improper validation of input passed from user mode through the kernel component of the graphics device interface."

Because the flaw affects the kernel, Microsoft is warning that a successful exploit would leave an attacker with complete control of a machine.

"All that the attacker needs do is encourage a victim to view a specially formatted image and the attacker can run code on the victim's system," notes security expert Eric Schultze.

"The evil code will execute with system privileges - even if the user wasn't logged on as an administrator. With system privileges, the evil code can access, copy, or delete any files on the system, create or delete user accounts, change passwords, or install backdoors. Nasty stuff."

Elsewhere, patch MS09-008, which is rated as important, deals with four separate flaws in Windows' DNS and WNS servers.

"These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker's own systems," says Microsoft.

The third update, MS09-007, plugs a hole in the Secure Channel security package within Windows. If exploited, the flaw could let attackers impersonate an authorised user.