Windows 7 Forums


Windows 7: New Windows 0-day exploit speaks Chinese

25 Nov 2010   #1

Arch Linux 64-bit
New Windows 0-day exploit speaks Chinese

This isn't exactly what could be defined as a lucky year for Microsoft. If Windows 7 sales are booming, on the other hand the operating system made-in-Redmond has been hit hard by a lot of targeted attacks during these months. The Aurora exploit is just the first of the year, but the most serious attack has definitely been the Stuxnet case. Finding a 0day exploit is always difficult, but using four 0day exploits all together is actually impressive.

Yesterday another serious 0-day flaw was publicly disclosed on a Chinese board.

This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem. It is a privilege escalation exploit which allows even limited user accounts to execute arbitrary code in kernel mode.
New Windows 0-day exploit speaks Chinese
It's time for an update about the 0-day exploit case we blogged about a couple of hours ago. We have developed a fix to proactively protect our customers against the 0-day exploit until Microsoft releases a definitive patch.

The fix is currently going through our internal testing scheduled before every public release and it will be available in the next couple of days. Here is the good news: the fix is implemented inside our Prevx software and it will be available to everyone for free. The only thing a user has to do is install Prevx - that's all.
Windows 0-day exploit: update


25 Nov 2010   #2

Arch Linux 64-bit

Here is a Q&A session to address some questions we have received since yesterday:

1) What versions of Microsoft Windows are affected by this flaw? The released exploit hit only Windows Vista and Windows 7. We have found that the flaw affects Windows XP, Windows Server 2003 and Windows Server 2008 as well - both x86 and x64.

2) Can this flaw be exploited remotely? No it can't. It is a local privilege escalation exploit. This means that the potential malware must already be on the target machine to exploit this flaw.

3) Why is this flaw considered critical? This flaw allows all software, even if run from a limited account, to gain system privileges. We see many drive-by attacks, which make use of application exploits to drop malware on vulnerable machines. While there are still a huge number of customers who are used to running their operating system with administrative privileges, most users are using limited accounts or administrator accounts in Admin Approval Mode (User Account Control). Using a limited account gives them a great advantage versus malware, because it limits the vulnerable surface the malware can damage. This 0-day exploit allows malware that has already been dropped on the system to bypass these limitations and get full control of the system.

4) How can I defend my PC from this exploit?
Windows 0-day exploit: Q&A session
25 Nov 2010   #3

Windows 7 Ultimate x86 SP1

There is one mitigation I discovered while researching this exploit. Unfortunately it is somewhat complicated. To prevent the flaw from being exploited you can perform the following actions:

1) As an Administrator open Regedit and browse to HKEY_USERS\[SID of each user account]\EUDC
2) Right-click EUDC and choose permissions
3) Choose the user whose account you are modifying and select Advanced
4) Select Add and then type in the user's name and click OK
5) Click the Deny checkbox for Delete and Create Subkey
6) Click all the OKs and Apply buttons to exit.
full read: New Windows zero-day flaw bypasses UAC | Naked Security
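
The registry steps in the post above, scripted so they can be applied to every loaded user hive at once. This is an added example, not code from the forum post or from the Naked Security article; the function name `Add-EudcDenyAce`, the choice to let the entry apply to subkeys as well as the key itself, and the S-1-5-21 filter for ordinary user accounts are assumptions made here.

```powershell
# Added example: puts a Deny ACE for Delete + Create Subkey on HKEY_USERS\<SID>\EUDC.
# Run from an elevated PowerShell prompt. Only hives of logged-on users are
# loaded under HKEY_USERS, so other accounts need the script run again later.
function Add-EudcDenyAce {
    param([Parameter(Mandatory = $true)][string] $Sid)

    $openRights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
    $denyRights = [System.Security.AccessControl.RegistryRights]'Delete, CreateSubKey'

    # Open the key with just enough access to read and rewrite its DACL.
    $key = [Microsoft.Win32.Registry]::Users.OpenSubKey(
        "$Sid\EUDC",
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        $openRights)
    if ($null -eq $key) {
        Write-Warning "HKEY_USERS\$Sid\EUDC not found, skipped"
        return $false
    }
    try {
        # The ACE targets the account that owns the hive (steps 3 and 4).
        $account = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        # Assumption: applies to this key and its subkeys (ContainerInherit).
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $account,
            $denyRights,
            [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Deny)
        $acl = $key.GetAccessControl()
        $acl.AddAccessRule($rule)
        $key.SetAccessControl($acl)

        # Read the DACL back and confirm an explicit Deny entry for this SID exists.
        $found = $key.GetAccessControl().GetAccessRules($true, $false,
                [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq $Sid }
        return [bool]$found
    }
    finally { $key.Close() }
}

# Loaded per-user hives: S-1-5-21-... keys, which excludes the *_Classes companions.
[Microsoft.Win32.Registry]::Users.GetSubKeyNames() |
    Where-Object { $_ -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { '{0}: {1}' -f $_, (Add-EudcDenyAce -Sid $_) }
```

Each line of output is a SID followed by True when the Deny entry was written and read back, or False when the EUDC key was not present for that account.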

