Microsoft probes new Windows kernel bug

JMH

JMH

Banned
Microsoft on Friday said it is investigating an unpatched vulnerability in Windows after an Israeli researcher revealed a bug in the operating system's kernel driver.

According to Gil Dabah, a researcher from Tel Aviv who goes by the nickname "arkon," the Windows' kernel harbors a heap overflow vulnerability. Dabah also posted a short proof-of-concept to demonstrate the bug on RageStorm.com, a site he and two others run.

"Microsoft is investigating reports of a possible vulnerability in Windows Kernel," said Jerry Bryant on Friday. "Upon completion of the investigation, Microsoft will take appropriate actions to protect customers."

In an alert published Friday, Danish bug tracker Secunia pinpointed the bug in the "Win32k.sys" kernel-mode device driver, the kernel component of the Windows subsystem. Attackers could exploit the flaw using "GetClipboardData," an API (application programming interface) that retrieves data from the Window clipboard.

A successful exploit would allow hackers to execute their attack code in kernel mode, which would then let them infect the PC with malware or pillage any data on the machine.
Click to expand...
More -
Microsoft probes new Windows kernel bug - Computerworld
 

My Computer

Computer Manufacturer/Model Number
LAPTOP. HP Pavilion dv7-4010TX .
OS
Win 7 Ultimate 64-bit. SP1.
CPU
Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6MB Cache.]
Memory
8 DDR 3 RAM. 1066MHZ
Graphics Card(s)
ATI 1024 MB. DDR3. Radeon HD5650
Monitor(s) Displays
17.3" High Definition Brightview LCD. LED Backlit.
Screen Resolution
1600 x 900.
Hard Drives
640GB
Case
Laptop / notebook.
Mouse
Logitech Anywhere mouse. MX.
Internet Speed
ADSL [ but too slow ]

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home Built
OS
Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
CPU
Phenom II X6 1100T
Motherboard
ASUS M5A99X EVO
Memory
Crucial Balistic 8gb DDR3-1866 CL9
Graphics Card(s)
MSI R6850 Cyclone IGD5 PE
Sound Card
On Board
Monitor(s) Displays
ASUS VE258Q 25" LED with DVI-HDMI-DisplayPort
Screen Resolution
1920 x 1080
Hard Drives
Two WD Cavier Black 2TB Sata III, WD My Book Essential 2TB USB 3.0
PSU
Seasonic X650 80 Plus GOLD Modular
Case
Corsair 400R
Cooling
Antec Kuhler H2O 620, Two 120mm and four 140mm
Keyboard
Logitech K120
Mouse
Logitech Marble Mouse USB, Logitech Precision Game Pad
Internet Speed
15MB
Antivirus
Norton IS 2013, Malwarebytes Pro Beta 2
Browser
IE-11, FF-27
Other Info
APC UPS ES 750, Netgear WNR3500L Gigabit & Wireless N Router with SamKnows Test Program, Motorola SB6120 Gigabit Cable Modem. Brother HL-2170W Laser Printer, Epson V300 Scanner
Phone Man said:
According to Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow - Advisories - Community the attack vector requires that the attacker is a local user on the system.

Jim :geek:
Click to expand...

Couldn't it be exploited remotely?

Edit:

Arkon said:
Anyway, it’s really funny for me to read that people say it’s exploitable, I am waiting to see an exploit, in the code execution sense. This is not trivial since every fourth byte that is copied is the value 4. And the memory block gets allocated per call, very hard to have any assumptions on it. But who am I to judge if Vupen said it’s exploitable, LOL.
Another thing – no one said how to temporarily avoid this vulnerability from occurring, if you change the clipboard access, or the access to change resolution then you’re good to go.


...


I know, I played with it myself.
It’s very hard to exploit it for code execution, on the edge of impossible. That’s why I felt safe about releasing it publicly
icon_smile.gif

Still curious, if anybody is able to do it.
Click to expand...
 

My Computer

Computer Manufacturer/Model Number
Dell Inspiron 1520 (Laptop)/ Home (Desktop)
OS
Windows 7 x64 / Same
CPU
Intel Core 2 Duo T7250 / Intel Core i7 930
Motherboard
Intel 945 / Asus P6X58D-E
Memory
4GB / 6GB
Graphics Card(s)
NVIDIA GeForce 8400M GS / ASUS 1GB
Sound Card
Whatever Dell gave me :-( / Onboard
Monitor(s) Displays
15.4" LCD / Crappy CRT
Hard Drives
Seagate 500GB SATA; 7200 RPM / Seagate 1TB SATA; 7200 RPM
PSU
N/A / OCZ Fatal1ty 550W Modular
Case
N/A / Antec 900
Cooling
Air
Mouse
Microsoft Presenter (Bluetooth)
I am sure Secunia has tested the exploit and that was their findings.

Jim :geek:
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home Built
OS
Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
CPU
Phenom II X6 1100T
Motherboard
ASUS M5A99X EVO
Memory
Crucial Balistic 8gb DDR3-1866 CL9
Graphics Card(s)
MSI R6850 Cyclone IGD5 PE
Sound Card
On Board
Monitor(s) Displays
ASUS VE258Q 25" LED with DVI-HDMI-DisplayPort
Screen Resolution
1920 x 1080
Hard Drives
Two WD Cavier Black 2TB Sata III, WD My Book Essential 2TB USB 3.0
PSU
Seasonic X650 80 Plus GOLD Modular
Case
Corsair 400R
Cooling
Antec Kuhler H2O 620, Two 120mm and four 140mm
Keyboard
Logitech K120
Mouse
Logitech Marble Mouse USB, Logitech Precision Game Pad
Internet Speed
15MB
Antivirus
Norton IS 2013, Malwarebytes Pro Beta 2
Browser
IE-11, FF-27
Other Info
APC UPS ES 750, Netgear WNR3500L Gigabit & Wireless N Router with SamKnows Test Program, Motorola SB6120 Gigabit Cable Modem. Brother HL-2170W Laser Printer, Epson V300 Scanner
You must log in or register to reply here.

Similar threads

D
How do I download & install Microsoft Teams on my desktop ?
Replies
2
Views
2K
dan99t
D
B
Is Microsoft "Fix it" still viable today on a Windows 7 64 system?
Replies
0
Views
1K
BILL 143
B
ColourOz
Location for Microsoft Security Essentials
Replies
6
Views
6K
ColourOz
ColourOz
J
trying to get microsoft security essentials
Replies
6
Views
4K
jsdspif
J
ColourOz
Solved Add Microsoft Security Essentials icon to Control Panel
Replies
0
Views
5K
ColourOz
ColourOz
Back
Top