|25 Nov 2010||#1|
New Windows 0-day vulnerability emerges, bypasses UAC
Info on this can be found at New Windows 0-day vulnerability emerges, bypasses UAC | WinRumors
"Giuliani warned that Windows XP, Vista and Windows 7 were all vulnerable to attack, including 32-bit and 64-bit editions. Prevx says they have not see any malware exploiting this flaw but warned “we expect to see this exploit being actively used by malware very soon – it’s an opportunity that malware writers surely won’t miss.”
The vulnerability is located in Win32ksys’s NtGdiEnableEUDC API according to Prevx. The API is not correctly validating some inputs resulting in a stack overflow. A malicious attacker could redirect the overwritten return address to their malicious code and execute it with kernel mode privileges. As the flaw is a privilege escalation exploit, it bypasses the User Account Control (UAC) and Limited User Account technologies implemented in Windows Vista and Windows 7."
Soon be time to batten down the hatches again...
|My System Specs|
|25 Nov 2010||#3|
More info on Sophos - New Windows zero-day flaw bypasses UAC | Naked Security
They are also claiming their AV detects this PoC trojan. Probably, others will follow shortly.
Combined with another IE exploit, this sounds very bad for Windows users.
|My System Specs|
|Similar help and support threads for2: New Windows 0-day vulnerability emerges, bypasses UAC|
|Windows XP post April 2014: Non-Microsoft support emerges||News|
|Newly discovered Windows kernel flaw bypasses UAC||Security News|
|New Trojan Threat Emerges||System Security|
|New attack bypasses virtually all AV protection||System Security|
|Windows 7 x64 And Server 2008 R2 Vulnerability Emerges||News|
|New attack bypasses virtually all AV protection||Security News|
|Windows 7 OEM pricing emerges ... some serious discount||News|
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd
All times are GMT -5. The time now is 15:04.