All 32-bit and 64-bit versions of Windows XP, Vista and 7 are vulnerable to a new 0-day attack.
http://www.prevx.com/blog/160/New-Windows-day-exploit-speaks-chinese.html
The vulnerability does not have any known exploits, but it will only be a matter of time before they are seen in the wild.
The vulnerability centres on the win32k.sys NtGdiEnableEUDC API, which does not validate some of its inputs correctly and can be exploited via a stack overflow. As a result, an attacker can cause their malicious code to be executed with kernel-mode privileges: even if the malicious code is run by an account with restricted privileges, the resultant code is executed with the highest privileges, bypassing the need for confirmation via UAC in Vista and Windows 7.
The vulnerability is not remotely exploitable, but it would be susceptible to standard delivery methods such as email, drive-by and, more recently, USB infection.