Security hole in Windows kernel allows UAC bypass
Summary: A privilege escalation vulnerability in the Windows kernel can be exploited to bypass Microsoft's UAC (user account control) security mechanism
A privilege escalation vulnerability in the Windows kernel can be exploited to bypass Microsoft's UAC (user account control) security mechanism, according to a warning from a security researcher.
Proof-of-concept exploit code has been published on the Web. Microsoft says it is investigating the issue.
This Secunia advisory spells out the problem:
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
The vulnerability is caused due to an error in win32k.sys when processing the "GreEnableEUDC()" function. This can be exploited to overflow the "EntryContext" buffer specified in the "QueryTable" parameter to the "RtlQueryRegistryValues()" function via e.g. a specially crafted "SystemDefaultEUDCFont" registry value.
Successful exploitation allows execution of arbitrary code in the kernel.
The published proof-of-concept successfully bypasses the UAC security mechanism on Windows, but the severity is somewhat reduced because a hacker must combine two security vulnerabilities (and exploits) to launch a successful attack.

Talkback
According to the rules, this one is no big deal
The rules clearly state that local vulnerabilities are no big deal, at least when they are found in OS X and Linux.
Cue the double standards...
The article does not show a double standard applied...
He mentioned other operating systems for reference purposes.
RE: Security hole in Windows kernel allows UAC bypass
What do you care if it gets "blown off" or not? You don't even use OSX or Linux, so so what.
Also there is no actual exploit code. Just proof of concept.
Agreed: No big deal
nt
It's hilarious how you play the cue the double standards schtick
Do you know what the word "cue" means?
Obviously you don't.
Hint: a cue happens before the event it is a cue for. Hence, my post makes perfect sense as the first post.
Is English not your first language? Just curious because it is either that or you aren't very smart.
Yes, he did have to trot out Apple and Linux...
Just blame Apple for the UAC security hole bypass. It's all Steve Jobs' fault.
lol... :D
True, Windows has a bad record for privilege escalation
Or is NonZealot saying this is a real problem for Windows users?
Any evidence to support this?
Or are you expecting us to take you at your word?
"Particularly those with a history of massive amounts of malware."
Massive market share leads to massive amounts of malware.
Yes, Ye
If market share is the determinant for amount of malware, then the solution on windows would only be sell fewer or move to alternate OS. Ye might have a point.
RE: Security hole in Windows kernel allows UAC bypass
Quit using that MS nonsense. Mainframes had a massive share of the market in the '60s and until today, no successful virus has appeared on that market. Unix had a smaller market share and essentially created the first worms.
RE: Security hole in Windows kernel allows UAC bypass
Big difference between a Cell Phone OS and a Desktop OS, you do realize that, right? Just because Android is based off Linux does not mean it is the same kernel as the desktop version. It is just like iOS is based off Mac OS.
Nice attempt though.
Wow you really do like living in the past.
"If market share is the determinant for amount of malware, then the solution on windows would only be sell fewer or move to alternate OS."
That's a possibility if your intent is to use a platform which is not targeted by malware.
Ye, the past is clearly longer than the MCSE's attention span
Still today the majority of Windows users are exposed to shatter attacks (XP). You'd think the learned MCSE would know this.
For fun, what portion of desktop users are intent on using a platform targeted by malware?
There's those words again. Did you just learn something new?
Shatter attacks are old news. Perhaps they're new to you? Come join us in 2010. You'll notice much has changed.
Given XP is still at what?
That makes shatter attacks still relevant news.
Come up with something better, ye. You got NonZealot beat.
RE: Security hole in Windows kernel allows UAC bypass
Then again... people always state that the reason for moving to Windows 7 was security... yeah right... XP we know dearly and IT Admins know how to block all entrances. 7 is brand new and prone to these kinds of mistakes.