
Windows 7: New Windows 0-day exploit speaks Chinese

25 Nov 2010   #1

Arch Linux 64-bit
New Windows 0-day exploit speaks Chinese

This isn't exactly what could be defined as a lucky year for Microsoft. If Windows 7 sales are booming, on the other hand the operating system made-in-Redmond has been hit hard by a lot of targeted attacks during these months. The Aurora exploit is just the first of the year, but the most serious attack has definitely been the Stuxnet case. Finding a 0day exploit is always difficult, but using four 0day exploits all together is actually impressive.

Yesterday another serious 0-day flaw was publicly disclosed on a Chinese board.

This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem. It is a privilege escalation exploit which allows even limited user accounts to execute arbitrary code in kernel mode.
New Windows 0-day exploit speaks Chinese
It's time for an update about the 0-day exploit case we blogged about a couple of hours ago. We have developed a fix to proactively protect our customers against the 0-day exploit until Microsoft releases a definitive patch.

The fix is currently going through our internal testing scheduled before every public release and it will be available in the next couple of days. Here is the good news: the fix is implemented inside our Prevx software and it will be available to everyone for free. The only thing a user has to do is install Prevx - that's all.
Windows 0-day exploit: update

25 Nov 2010   #2

Arch Linux 64-bit

Here is a Q&A session to address some questions we have received since yesterday:

1) What versions of Microsoft Windows are affected by this flaw? The released exploit hit only Windows Vista and Windows 7. We have found that the flaw affects Windows XP, Windows Server 2003 and Windows Server 2008 as well - both x86 and x64.

2) Can this flaw be exploited remotely? No, it can't. It is a local privilege escalation exploit. This means that the potential malware must already be on the target machine to exploit this flaw.

3) Why is this flaw considered critical? This flaw allows all software, even if run from a limited account, to gain system privileges. We see many drive-by attacks, which make use of application exploits to drop malware on vulnerable machines. While there are still a huge number of customers who are used to running their operating system with administrative privileges, most users are using limited accounts or administrator accounts in Admin Approval Mode (User Account Control). Using a limited account gives them a great advantage versus malware, because it limits the vulnerable surface the malware can damage. This 0-day exploit allows malware that has already been dropped on the system to bypass these limitations and get full control of the system.

4) How can I defend my PC from this exploit?
Windows 0-day exploit: Q&A session
25 Nov 2010   #3

Windows 7 Ultimate x86 SP1

There is one mitigation I discovered while researching this exploit. Unfortunately it is somewhat complicated. To prevent the flaw from being exploited you can perform the following actions:

1. As an Administrator open Regedit and browse to HKEY_USERS\[SID of each user account]\EUDC
2. Right-click EUDC and choose Permissions
3. Choose the user whose account you are modifying and select Advanced
4. Select Add and then type in the user's name and click OK
5. Click the Deny checkbox for Delete and Create Subkey
6. Click all the OKs and Apply buttons to exit.
full read: New Windows zero-day flaw bypasses UAC | Naked Security
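
The Regedit steps quoted in post #3, scripted for every loaded user hive. This is an added example, not code from the thread or the linked article. The helper name `Add-EudcDenyRule`, the SID filter and the inheritance scope are assumptions of this sketch.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Only hives currently loaded under HKEY_USERS are visible, so accounts that are
# not logged on are not covered by a single run.

function Add-EudcDenyRule {            # hypothetical helper name
    param([string]$Sid)

    # The Deny entry is written for the account that owns the hive.
    $account = New-Object System.Security.Principal.SecurityIdentifier($Sid)

    # Deny "Delete" and "Create Subkey", as in the Regedit steps.
    # Assumption: ContainerInherit mirrors Regedit's scope "This key and subkeys".
    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList @(
        $account,
        [System.Security.AccessControl.RegistryRights]'Delete, CreateSubKey',
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)

    # Open the key with just enough access to read and rewrite its DACL.
    $key = [Microsoft.Win32.Registry]::Users.OpenSubKey(
        "$Sid\EUDC",
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions')
    if ($null -eq $key) { return $false }   # this hive has no EUDC key

    try {
        $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
        $acl.AddAccessRule($rule)
        $key.SetAccessControl($acl)
        return $true
    } finally {
        $key.Close()
    }
}

# User hives are named by SID. Assumption: only S-1-5-21-* account hives are
# targeted; the *_Classes hives, .DEFAULT and service SIDs are skipped.
Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $done = Add-EudcDenyRule -Sid $_.PSChildName
        '{0}  EUDC deny rule applied: {1}' -f $_.PSChildName, $done
    }
```
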
