Wednesday, 24 November 2010

New Windows 0day vulnerability

All Windows XP/Vista/7 32bit and 64bit are vulnerable to a new 0day attack.

The vulnerability does not have any known exploits but it will only be a matter of time before they are seen in the wild.

The vulnerability centres on the win32k.sys NtGdiEnableEUDC API which is not validating some inputs correctly, allowing it to be exploited via a stack overflow. The result is that an attacker can cause their malicious code to be executed  with kernel mode privileges, meaning, even if the malicious code is executed by an account with restricted privileges, the resultant code would  be executed with the highest privileges, bypassing the need for confirmation via UAC in Vista and Windows 7.

The vulnerability is not remotely explotable but it would be susceptible to standard delivery methods such as email, drive by and,more recently, USB infection.

No comments:

Post a Comment