Security hole in Windows kernel allows UAC bypass

A privilege escalation vulnerability in the Windows kernel can be exploited to bypass Microsoft's UAC (user account control) security mechanism

A privilege escalation vulnerability in the Windows kernel can be exploited to bypass Microsoft's UAC (user account control) security mechanism, according to a warning from a security researcher.

Proof-of-concept exploit code has been published on the Web. Microsoft says it is investigating the issue.

This Secunia advisory spells out the problem:


A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

The vulnerability is caused due to an error in win32k.sys when processing the "GreEnableEUDC()" function. This can be exploited to overflow the "EntryContext" buffer specified in the "QueryTable" parameter to the "RtlQueryRegistryValues()" function via e.g. a specially crafted "SystemDefaultEUDCFont" registry value.

Successful exploitation allows execution of arbitrary code in the kernel.

The published proof-of-concept successfully bypasses the UAC security mechanism on Windows, but the severity is somewhat reduced because a hacker must combine two security vulnerabilities (and exploits) to launch a successful attack.
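As an added illustration, not code from the article or from Secunia: a user-mode C model of the RtlQueryRegistryValues contract the advisory describes, in which the caller sizes the EntryContext buffer for the value type it expects while the copy is driven by whatever type the registry actually holds. The expected REG_SZ type, the 16-byte UNICODE_STRING-sized buffer and the 64-byte REG_BINARY sample are assumptions; the type check mirrors the RTL_QUERY_REGISTRY_TYPECHECK flag Microsoft later added, which rejects a value whose stored type differs from the one EntryContext was laid out for.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of RtlQueryRegistryValues' RTL_QUERY_REGISTRY_DIRECT path,
 * written for this article (not the kernel's code). The caller lays out
 * EntryContext for the type it expects, but the legacy contract copies whatever
 * type the registry actually holds. */
enum { REG_SZ = 1, REG_BINARY = 3 };
enum { DEMO_OK = 0, DEMO_OVERFLOW = 1, DEMO_TYPE_MISMATCH = 2 };

typedef struct { uint32_t type; uint32_t len; const uint8_t *data; } reg_value_t;
typedef struct {
    uint32_t expected_type;   /* type EntryContext was sized for */
    uint8_t *entry_context;   /* e.g. a 16-byte UNICODE_STRING on the stack */
    uint32_t entry_capacity;  /* tracked here only so the demo stays memory-safe */
    int      typecheck;       /* models the RTL_QUERY_REGISTRY_TYPECHECK flag */
} query_entry_t;

int query_direct(const query_entry_t *q, const reg_value_t *v) {
    if (q->typecheck && v->type != q->expected_type)
        return DEMO_TYPE_MISMATCH;                /* hardened: refuse before copying */
    if (v->len > q->entry_capacity) {             /* legacy: value length drives the copy */
        memcpy(q->entry_context, v->data, q->entry_capacity);
        return DEMO_OVERFLOW;                     /* the kernel would keep writing past the buffer */
    }
    memcpy(q->entry_context, v->data, v->len);
    return DEMO_OK;
}

/* Query a constructed SystemDefaultEUDCFont value holding 64 bytes of REG_BINARY
 * where a REG_SZ (UNICODE_STRING) was expected; returns the demo status. */
int demo_query(int typecheck) {
    static const uint8_t oversized[64] = { 0x41 };    /* constructed sample data */
    reg_value_t value = { REG_BINARY, sizeof oversized, oversized };
    uint8_t unicode_string_stub[16] = { 0 };          /* stand-in for UNICODE_STRING */
    query_entry_t entry = { REG_SZ, unicode_string_stub, sizeof unicode_string_stub, typecheck };
    return query_direct(&entry, &value);
}

int main(void) {
    printf("legacy contract: %d (1 = buffer overrun)\n", demo_query(0));
    printf("with type check: %d (2 = rejected)\n", demo_query(1));
    return 0;
}
```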
