Members
Stats
  • Total Posts: 28530
  • Total Topics: 8241
  • Online Today: 870
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Newly discovered zero-day exploit bypasses UAC in Windows (bug in win32k.sys)  (Read 2869 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
New Windows Zero Day Exploit - Nov 2010

A newly discovered zero-day exploit in Windows could let hackers take admin-type control over affected computers.

Security firm Sophos said that the exploit appeared on an "education web site " but was soon removed.

The malware could let an application gain system privileges, and bypass User Account Control in Vista and Windows 7.

"The exploit takes advantage of a bug in win32k.sys, which is part of the Windows kernel," wrote Chester Wisniewski, a senior security advisor at Sophos, in a blog post: http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/

"The flaw is related to the way in which a certain registry key is interpreted, and enables an attacker to impersonate the system account which has nearly unlimited access to all components of the Windows system."

Wisniewski explained that the flaw is present in Windows operating systems going back to XP. Sophos has published a workaround in the blog post.

"On its own, this bug does not allow remote code execution, but does enable non-administrator accounts to execute code as if they were an administrator," he said.

"For this to be exploited, malicious code that uses the exploit needs to be introduced. This means that your email, web and anti-virus filters can prevent malicious payloads from being downloaded."

(V3)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising