Zero-day Windows flaw a potential "nightmare"
By Nicole Kobie
Posted on 25 Nov 2010 at 09:14
A new zero-day flaw has hit Windows, and it seems capable of slipping past user account controls, security researchers have said.
"This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem," said malware technology specialist Marco Giuliani on the Prevx blog. "It is a privilege escalation exploit which allows even limited user accounts to execute arbitrary code in kernel mode."
Giuliani warned that 32-bit and 64-bit versions of Windows XP, Vista and 7 were vulnerable. "Being a privilege escalation exploit, it bypasses by design even the protection given by the User Account Control and Limited User Account technology implemented in Windows Vista and Windows 7," he said.
While the API-based flaw has been published on a Chinese message board, Prevx has seen no attacks yet. "This could potentially become a nightmare due to the nature of the flaw," he warned. "We expect to see this exploit being actively used by malware very soon - it's an opportunity that malware writers surely won't miss."
Sophos security researcher Chester Wisniewski noted that for the flaw to be used, a hacker would need access to the system first. "For this to be exploited, malicious code that uses the exploit needs to be introduced," he said in a Sophos blog post. "This means your email, web, and anti-virus filters can prevent malicious payloads from being downloaded."
Sophos detailed a work-around here, while Prevx has updated its software to protect against the flaw. Giuliani said his firm was working with Microsoft on the flaw, and the software giant has acknowledged it's investigating.
wanderson
It is amazing that PCPro will tout the Windows Zero day flaw as a potential "nightmare", but go on to praise Microsoft's flatulent and insecure bloatware in almost every review of the company's weak products.
One commenter complained about the publication's awe of Apple. Maybe that's the way for PCPro to go.
By weanderson on 25 Nov 2010
^^^^ Apple Fanboy?? ^^^^
Come now, even the 'illustrious' Apple has security problems with OSX - you just don't hear about them as Apple's control freakery prevents them becoming public knowledge.
By everton2004 on 25 Nov 2010
