Jump to content


anyweb

Windows 0-day vulnerability bypasses UAC

Recommended Posts

Winrumors has reported that a new 0-day vulnerability affecting Windows XP, Vista and 7 has been discovered. The vulnerability resides in win32k.sys, "the kernel mode part of the Windows subsystem." This exploit allows user priviledge elevation, enabling even limited accounts to execute arbitrary code.

 

Marco Giuliani of Prevx has stated that no malware is currently exploiting this flaw, but also warned that it would be "very soon" before malware authors begin exploiting the vulnerability.

 

The API in which the vulnerability is located does not correctly validate input, resulting in stack overflow. This means that an attacker could control the destination of the "overwritten return address" and in essence execute their code with kernel mode privileges. Since this exploits user elevation, it bypasses UAC and leaves Vista and 7 vulnerable. This is specifically important due to the fact that UAC was originally implemented to prevent unauthorized privilege elevation.

 

Prevx is well known for mistakenly stating, last year, that Windows Update was creating a "black screen of death." It was later revealed that the black screen was caused by a malware infection, rather than an oversight or mistake on Microsoft's part.

 

Microsoft has confirmed that they are evaluating this vulnerability so a fix could be in the works.

 

via > http://www.neowin.net/news/windows-0-day-vulnerability-bypasses-uac

Share this post


Link to post
Share on other sites



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.