
Microsoft: Zero-day Windows flaw not serious


By Nicole Kobie

Posted on 11 Aug 2010 at 12:18

The latest zero-day flaw to hit Windows isn't likely to be a major security concern, according to Microsoft.

The flaw in Windows Kernel-mode drivers (win32k.sys) affects all supported versions of Microsoft's OS, taking advantage of buffer overflow problems that happen when copying bitmap files from the clipboard.

"We are not aware of attacks that try to use the reported vulnerability or of any customer impact at this time," said security communications manager Jerry Bryant in a post on the Microsoft blog.

Bryant said the attack only allows for local elevation of privileges.

"For this issue to be exploited, an attacker must have valid log-on credentials on the target system and be able to log on locally, or must already have code running on the target system," he said. "The vulnerability cannot be exploited remotely, or by anonymous users."

Some security firms had initially said the flaw could be used to attack systems, with Vupen Security claiming it could be used to cause a denial of service attack. Secunia said the flaw could be "exploited by malicious users to crash an affected system or potentially execute arbitrary code with kernel privileges."

But Gil Dabah, a security researcher who goes by the name Arkon and who originally uncovered the vulnerability, said any attack would be difficult. "It’s very hard to exploit it for code execution, on the edge of impossible," the researcher noted in a blog post. "That’s why I felt safe about releasing it publicly."

Microsoft said it would include a fix in a future security update, but didn't say if it would arrive next month. The software giant yesterday issued patches for a record number of flaws as part of its monthly security update.


User comments

Only local?

The definition of a local only attack presumes the attacker "has" to be sat at the physical machine.

It looks to me like this _could_ be remotely triggered if a remote user has access to the system. Through say Adobe reader.

Just because an attack does not yet exist, does not mean one will not be written.

By reashlin on 11 Aug 2010


PCPro-Computing in the Real World Printed from www.pcpro.co.uk
