diTii.com Digital News Hub



Zero-day Exploit Emerges, Bypasses Windows 7 UAC

Prevx reports that a serious 0-day flaw has been publicly disclosed on a Chinese board. “This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem. It’s a privilege escalation exploit which allows even limited user accounts to execute arbitrary code in kernel mode,” wrote Marco Giuliani.

Giuliani warned that Windows XP, Vista and Windows 7 were all vulnerable to attack, including 32-bit and 64-bit editions. According to Prevx, the vulnerability is located in win32k.sys’s NtGdiEnableEUDC API. The API isn’t correctly validating some inputs, resulting in a stack overflow.

An attacker could redirect the overwritten return address to their own code and execute it with kernel mode privileges. Because the flaw allows privilege escalation, it bypasses the User Account Control (UAC) and Limited User Account technologies implemented in Vista and Windows 7.

Prevx says, “We’ve not yet detected any malware exploiting this flaw. We expect to see this exploit being actively used by malware very soon – it’s an opportunity that malware writers surely won’t miss.”

Microsoft has confirmed it’s investigating public proof-of-concept code for a new unpatched flaw in Windows.

