Winrumors has reported that a new 0-day vulnerability affecting Windows XP, Vista and 7 has been discovered. The vulnerability resides in win32k.sys, "the kernel mode part of the Windows subsystem." This exploit allows user priviledge elevation, enabling even limited accounts to execute arbitrary code.
Marco Giuliani of Prevx has stated that no malware is currently exploiting this flaw, but also warned that it would be "very soon" before malware authors begin exploiting the vulnerability.
The API in which the vulnerability is located does not correctly validate input, resulting in stack overflow. This means that an attacker could control the destination of the "overwritten return address" and in essence execute their code with kernel mode privileges. Since this exploits user elevation, it bypasses UAC and leaves Vista and 7 vulnerable. This is specifically important due to the fact that UAC was originally implemented to prevent unauthorized privilege elevation.
Prevx is well known for mistakenly stating, last year, that Windows Update was creating a "black screen of death." It was later revealed that the black screen was caused by a malware infection, rather than an oversight or mistake on Microsoft's part.
Microsoft has confirmed that they are evaluating this vulnerability so a fix could be in the works.
60 Comments - Add comment