Post #1, 08 Aug 2010
Microsoft probes new Windows kernel bug
Microsoft on Friday said it is investigating an unpatched vulnerability in Windows after an Israeli researcher revealed a bug in the operating system's kernel driver.
According to Gil Dabah, a researcher from Tel Aviv who goes by the nickname "arkon," the Windows kernel harbors a heap overflow vulnerability. Dabah also posted a short proof-of-concept to demonstrate the bug on RageStorm.com, a site he and two others run.
"Microsoft is investigating reports of a possible vulnerability in Windows Kernel," said Jerry Bryant on Friday. "Upon completion of the investigation, Microsoft will take appropriate actions to protect customers."
In an alert published Friday, Danish bug tracker Secunia pinpointed the bug in the "Win32k.sys" kernel-mode device driver, the kernel component of the Windows subsystem. Attackers could exploit the flaw using "GetClipboardData," an API (application programming interface) that retrieves data from the Windows clipboard.
A successful exploit would allow hackers to execute their attack code in kernel mode, which would then let them infect the PC with malware or pillage any data on the machine.
Microsoft probes new Windows kernel bug - Computerworld
Post #3, 09 Aug 2010
According to the advisory "Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow" (Secunia Advisories - Community), the attack vector requires that the attacker is a local user on the system.
Quote: Originally Posted by Arkon
Anyway, it’s really funny for me to read that people say it’s exploitable, I am waiting to see an exploit, in the code execution sense. This is not trivial since every fourth byte that is copied is the value 4. And the memory block gets allocated per call, very hard to have any assumptions on it. But who am I to judge if Vupen said it’s exploitable, LOL.
Another thing – no one said how to temporarily avoid this vulnerability from occurring, if you change the clipboard access, or the access to change resolution then you’re good to go.
I know, I played with it myself.
It’s very hard to exploit it for code execution, on the edge of impossible. That’s why I felt safe about releasing it publicly.
Still curious, if anybody is able to do it.
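The bug class that the article (post #1) and the advisory quoted above describe, as an added illustration in user-mode C: this is not win32k.sys code, not Arkon's proof-of-concept, and it touches no clipboard API. It models a logical palette being built from a DIB's colour table, where the number of entries to copy is taken from the attacker-supplied header. The unchecked version trusts that count and copies into a buffer sized for the 256 entries an 8-bpp DIB can legitimately carry; the checked version derives the legal maximum from biBitCount and rejects anything larger. Field and flag names follow the public BITMAPINFOHEADER, RGBQUAD, PALETTEENTRY and PC_NOCOLLAPSE definitions; that biClrUsed is the unchecked count, and that the fixed flag byte is what Arkon's "every fourth byte that is copied is the value 4" remark refers to, are this example's assumptions about the real bug, not something the thread states. The colour table and header values are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of the public BITMAPINFOHEADER layout; in a CF_DIB block the colour
   table (RGBQUADs) follows the header. Stand-alone types, same field names. */
typedef struct {
    uint32_t biSize;
    int32_t  biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} dib_header;

typedef struct { uint8_t rgbBlue, rgbGreen, rgbRed, rgbReserved; } rgbquad;
typedef struct { uint8_t peRed, peGreen, peBlue, peFlags; } palette_entry;

#define PC_NOCOLLAPSE 0x04  /* GDI palette flag: lands in every 4th byte written */
#define MAX_PALETTE   256   /* an 8-bpp colour table is the largest a DIB carries */
#define SLACK         8     /* spare entries after the buffer so the demo stays in bounds */

/* Vulnerable model (assumed mechanism, not win32k code): the entry count comes
   straight from the untrusted header, while the destination was sized for
   MAX_PALETTE entries. Returns the number of entries written. */
size_t build_palette_unchecked(const dib_header *h, const rgbquad *colors,
                               palette_entry *out)
{
    uint32_t n = h->biClrUsed ? h->biClrUsed : (1u << h->biBitCount);
    for (uint32_t i = 0; i < n; i++) {
        out[i].peRed   = colors[i].rgbRed;
        out[i].peGreen = colors[i].rgbGreen;
        out[i].peBlue  = colors[i].rgbBlue;
        out[i].peFlags = PC_NOCOLLAPSE;   /* the constant 4 every four bytes */
    }
    return n;
}

/* Hardened: derive the legal entry count from the pixel format and reject a
   header whose biClrUsed exceeds it. Returns 0 for "no palette / malformed". */
size_t palette_entries_for(const dib_header *h)
{
    if (h->biBitCount == 0 || h->biBitCount > 8)
        return 0;                         /* 16/24/32-bpp DIBs carry no palette */
    uint32_t max = 1u << h->biBitCount;   /* 2, 4, 16 or 256 */
    uint32_t n = h->biClrUsed ? h->biClrUsed : max;
    return n > max ? 0 : n;               /* oversized count: reject, don't trust */
}

size_t build_palette_checked(const dib_header *h, const rgbquad *colors,
                             palette_entry *out, size_t out_cap)
{
    size_t n = palette_entries_for(h);
    if (n == 0 || n > out_cap)
        return 0;                         /* nothing written on a bad header */
    for (size_t i = 0; i < n; i++) {
        out[i].peRed   = colors[i].rgbRed;
        out[i].peGreen = colors[i].rgbGreen;
        out[i].peBlue  = colors[i].rgbBlue;
        out[i].peFlags = PC_NOCOLLAPSE;
    }
    return n;
}

/* Demo harness: a constructed 8-bpp header with the given biClrUsed (keep it
   <= MAX_PALETTE + SLACK), a palette buffer of MAX_PALETTE entries followed by
   zeroed slack that acts as a canary. Returns the peFlags byte of the first
   slack entry (0 if intact, PC_NOCOLLAPSE if the copy ran past the buffer) and,
   if written is non-NULL, stores the entry count the builder reported. */
uint8_t run_demo(int checked, uint32_t clr_used, size_t *written)
{
    dib_header h;
    memset(&h, 0, sizeof h);
    h.biSize = sizeof h; h.biWidth = 1; h.biHeight = 1;
    h.biPlanes = 1; h.biBitCount = 8; h.biClrUsed = clr_used;

    rgbquad colors[MAX_PALETTE + SLACK];  /* constructed colour table, attacker-sized */
    for (size_t i = 0; i < MAX_PALETTE + SLACK; i++)
        colors[i] = (rgbquad){ (uint8_t)i, (uint8_t)(i * 3), (uint8_t)(i * 7), 0 };

    palette_entry pal[MAX_PALETTE + SLACK];
    memset(pal, 0, sizeof pal);

    size_t n = checked ? build_palette_checked(&h, colors, pal, MAX_PALETTE)
                       : build_palette_unchecked(&h, colors, pal);
    if (written) *written = n;
    return pal[MAX_PALETTE].peFlags;
}

/* Convenience wrapper returning only the reported entry count. */
size_t demo_written(int checked, uint32_t clr_used)
{
    size_t w = 0;
    run_demo(checked, clr_used, &w);
    return w;
}

int main(void)
{
    size_t w;
    uint8_t c = run_demo(0, MAX_PALETTE + 4, &w);
    printf("unchecked: reported %zu entries, canary byte = %u\n", w, c);
    c = run_demo(1, MAX_PALETTE + 4, &w);
    printf("checked:   reported %zu entries, canary byte = %u\n", w, c);
    return 0;
}
```

The canary pattern is the point: after the unchecked copy the bytes beyond the buffer are colour values interleaved with the constant PC_NOCOLLAPSE, which is exactly the constraint Arkon points at when he says code execution is hard with such a copy. The checked builder refuses the header outright rather than clamping, so a malformed DIB produces no palette at all instead of a silently truncated one.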