Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: New Windows 0-day vulnerability emerges, bypasses UAC

25 Nov 2010   #1

New Windows 0-day vulnerability emerges, bypasses UAC

Info on this can be found at New Windows 0-day vulnerability emerges, bypasses UAC | WinRumors

"Giuliani warned that Windows XP, Vista and Windows 7 were all vulnerable to attack, including 32-bit and 64-bit editions. Prevx says they have not see any malware exploiting this flaw but warned “we expect to see this exploit being actively used by malware very soon – it’s an opportunity that malware writers surely won’t miss.”
The vulnerability is located in Win32ksys’s NtGdiEnableEUDC API according to Prevx. The API is not correctly validating some inputs resulting in a stack overflow. A malicious attacker could redirect the overwritten return address to their malicious code and execute it with kernel mode privileges. As the flaw is a privilege escalation exploit, it bypasses the User Account Control (UAC) and Limited User Account technologies implemented in Windows Vista and Windows 7."

Soon be time to batten down the hatches again...

My System SpecsSystem Spec
25 Nov 2010   #2

Windows 7 Ultimate 64bit

Windows will have a patch out in no time...
My System SpecsSystem Spec
25 Nov 2010   #3

Windows 7 Ultimate x64 SP1 | OSX Lion 10.7 x64

More info on Sophos - New Windows zero-day flaw bypasses UAC | Naked Security

They are also claiming their AV detects this PoC trojan. Probably, others will follow shortly.

Combined with another IE exploit, this sounds very bad for Windows users.
My System SpecsSystem Spec

 New Windows 0-day vulnerability emerges, bypasses UAC

Thread Tools

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 09:28 AM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App