Zero-day Windows flaw goes public

A zero-day privilege escalation vulnerability affecting every version of Windows from XP through Windows 7 has been made public.


A zero-day privilege escalation flaw in Windows could allow attackers to bypass the User Account Control (UAC) protection found in Vista and Windows 7.

Details of the flaw were posted briefly on a programming education site. It could allow even a limited user account to execute code in kernel mode, although researchers note that, exploited on its own, the vulnerability does not allow remote code execution: an attacker must already have code running on the machine.

"This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem," explained Prevx's Marco Giuliani, in a blog.

A vulnerable Windows API can be fed crafted input that triggers a buffer overflow inside the kernel, he noted. The overflow overwrites a return address on the kernel stack, which then lets arbitrary code run in kernel mode.

"A malicious attacker is able to redirect the overwritten return address to his malicious code and execute it with kernel mode privileges," Giuliani said.
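The bug class Giuliani describes, a kernel handler copying a caller-controlled amount of data into a fixed-size stack buffer that sits right below the saved return address, is illustrated by the following added example. It is constructed for this page and is not code from win32k.sys or from Prevx; the frame layout, the `copy_request_*` handlers, the return-address constants and the attacker payload are all assumptions used only to show the pattern and its fix. The vulnerable handler writes through the frame pointer so that the model itself stays well-defined C, while the hardened handler rejects any request longer than the destination buffer before writing a byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the bug class described in the article: a kernel-mode
 * handler copies a caller-controlled length into a fixed-size buffer on its
 * stack, directly below the saved return address. Toy code for illustration,
 * not code from win32k.sys.
 */

#define BUF_LEN 16

/* Model of a kernel stack frame: the local buffer sits directly below the
 * saved return address, so writing past the buffer lands on the return slot. */
struct frame {
    unsigned char buf[BUF_LEN]; /* fixed-size local buffer */
    uintptr_t     saved_ret;    /* where the function will return to */
};

#define BENIGN_RET   ((uintptr_t)0x1000)     /* made-up legitimate return address */
#define ATTACKER_RET ((uintptr_t)0x41414141) /* made-up address of attacker code */

typedef int (*copy_fn)(struct frame *f, const unsigned char *in, size_t len);

/* Vulnerable handler: trusts the caller-supplied length and copies blindly.
 * The write goes through the frame pointer so this model stays well-defined
 * C; in a real kernel the same pattern smashes the stack. */
int copy_request_vulnerable(struct frame *f, const unsigned char *in, size_t len)
{
    unsigned char *dst = (unsigned char *)f;
    for (size_t i = 0; i < len; i++)
        dst[i] = in[i];
    return 0;
}

/* Hardened handler: the length is checked against the destination buffer
 * before anything is written, and oversized requests are rejected outright
 * rather than silently truncated. */
int copy_request_hardened(struct frame *f, const unsigned char *in, size_t len)
{
    if (len > sizeof f->buf)
        return -1;
    memcpy(f->buf, in, len);
    return 0;
}

/* Constructed attacker input: fill the buffer, then place a fake return
 * address exactly where saved_ret lives. Returns the payload length, which
 * equals sizeof(struct frame). */
static size_t build_payload(unsigned char *out)
{
    uintptr_t fake = ATTACKER_RET;
    memset(out, 'A', offsetof(struct frame, saved_ret));
    memcpy(out + offsetof(struct frame, saved_ret), &fake, sizeof fake);
    return offsetof(struct frame, saved_ret) + sizeof fake;
}

/* Runs one handler against the payload and reports what ended up in the
 * return slot; BENIGN_RET means the frame survived intact. */
uintptr_t saved_ret_after(copy_fn fn)
{
    struct frame f;
    unsigned char payload[sizeof f];
    memset(&f, 0, sizeof f);
    f.saved_ret = BENIGN_RET;
    size_t n = build_payload(payload);
    fn(&f, payload, n);
    return f.saved_ret;
}

/* Returns the handler's status code for the same payload. */
int status_after(copy_fn fn)
{
    struct frame f;
    unsigned char payload[sizeof f];
    memset(&f, 0, sizeof f);
    f.saved_ret = BENIGN_RET;
    return fn(&f, payload, build_payload(payload));
}

int main(void)
{
    printf("vulnerable: saved_ret=0x%lx status=%d\n",
           (unsigned long)saved_ret_after(copy_request_vulnerable),
           status_after(copy_request_vulnerable));
    printf("hardened:   saved_ret=0x%lx status=%d\n",
           (unsigned long)saved_ret_after(copy_request_hardened),
           status_after(copy_request_hardened));
    return 0;
}
```

Run against the same payload, the vulnerable handler leaves the fake address in the return slot, which is the point at which a real kernel would start executing attacker code with kernel privileges; the hardened handler refuses the request and leaves the frame untouched.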

All versions of Windows XP, Vista and 7, in both 32-bit and 64-bit editions, are vulnerable to this attack, but no attacks have been seen in the wild as yet, he added.

Paul Ferguson, senior threat researcher at Trend Micro, said the timing of this flaw was "crucial" given the holidays are coming.

"With users spending more time online in search of discounts and Black Friday deals, it may become easier for cyber criminals to spread malware exploiting the zero-day vulnerability," Ferguson explained in a blog.

Sophos senior security advisor Chester Wisniewski had a more positive outlook for users.

"The good news? For this to be exploited, malicious code that uses the exploit needs to be introduced," Wisniewski added in his own blog.

"This means your email, web and anti-virus filters can prevent malicious payloads from being downloaded."

Microsoft had not responded to our request for comment at the time of publication.

Earlier this month Microsoft confirmed another zero-day flaw had hit Internet Explorer, affecting all versions of the browser.
