View Single Post
25 Nov 2010  

Arch Linux 64-bit

Here is a Q&A session to address some questions we have received since yesterday:

1) What versions of Microsoft Windows are affected by this flaw? The released exploit hit only Windows Vista and Windows 7. We have found that the flaw affects Windows XP, Windows Server 2003 and Windows Server 2008 as well - both x86 and x64.

2) Can this flaw be exploited from remote? No it can't. It is a local privilege escalation exploit. This means that the potential malware must be already in the target machine to exploit this flaw.

3) Why is this flaw considered critical? This flaw allows all software, even if run from a limited account, to gain system privileges. We see many of drive-by attacks, which make use of application exploits to drop malware on vulnerable machines. While there are still a huge number of customers who are used to run their operating system with administrative privileges, most users are using limited accounts or administrator accounts in Admin Approval Mode (User Account Control). Using a limited account gives them a great advantage versus malware, because it limits the vulnerable surface the malware can damage. This 0-day exploit allows a malware that has already been dropped on the system to bypass these limitations and get the full control of the system.

4) How can I defend my PC from this exploit?
Windows 0-day exploit: Q&A session
My System SpecsSystem Spec