Microsoft probes new Windows kernel bug


    Posted: 08 Aug 2010

    Microsoft on Friday said it is investigating an unpatched vulnerability in Windows after an Israeli researcher revealed a bug in the operating system's kernel driver.

    According to Gil Dabah, a researcher from Tel Aviv who goes by the nickname "arkon," the Windows kernel harbors a heap overflow vulnerability. Dabah also posted a short proof-of-concept to demonstrate the bug on RageStorm.com, a site he and two others run.

    "Microsoft is investigating reports of a possible vulnerability in Windows Kernel," said Jerry Bryant on Friday. "Upon completion of the investigation, Microsoft will take appropriate actions to protect customers."

    In an alert published Friday, Danish bug tracker Secunia pinpointed the bug in the "Win32k.sys" kernel-mode device driver, the kernel component of the Windows subsystem. Attackers could exploit the flaw using "GetClipboardData," an API (application programming interface) that retrieves data from the Windows clipboard.

    A successful exploit would allow hackers to execute their attack code in kernel mode, which would then let them infect the PC with malware or pillage any data on the machine.



    More -
    Microsoft probes new Windows kernel bug - Computerworld
    Posted By: JMH
    08 Aug 2010



  1. Posts : 2,686
    Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
       #1

    According to http://secunia.com/advisories/40870/ the attack vector requires that the attacker is a local user on the system.

    Jim


  2. Posts : 1,487
    Windows 7 x64 / Same
       #2

    Phone Man said:
    According to Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow - Advisories - Community the attack vector requires that the attacker is a local user on the system.

    Jim
    Couldn't it be exploited remotely?

    Edit:

    Arkon said:
    Anyway, it’s really funny for me to read that people say it’s exploitable, I am waiting to see an exploit, in the code execution sense. This is not trivial since every fourth byte that is copied is the value 4. And the memory block gets allocated per call, very hard to have any assumptions on it. But who am I to judge if Vupen said it’s exploitable, LOL.
    Another thing – no one said how to temporarily avoid this vulnerability from occurring, if you change the clipboard access, or the access to change resolution then you’re good to go.


    ...


    I know, I played with it myself.
    It’s very hard to exploit it for code execution, on the edge of impossible. That’s why I felt safe about releasing it publicly.
    Still curious, if anybody is able to do it.


  3. Posts : 2,686
    Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
       #3

    I am sure Secunia has tested the exploit and that was their findings.

    Jim


 
