Windows 7 dinged by new zero-day vulnerability
Summary: Microsoft's Windows 7 operating system is vulnerable to a new zero-day vulnerability that exposes users to blue-screen crashes or code execution attacks.
The flaw could be exploited by local attackers to cause a denial-of-service or potentially gain elevated privileges, according to an advisory from VUPEN, a French security research outfit. From VUPEN's advisory:
This issue is caused by a buffer overflow error in the "CreateDIBPalette()" function within the kernel-mode device driver "Win32k.sys" when using the "biClrUsed" member value of a "BITMAPINFOHEADER" structure as a counter while retrieving Bitmap data from the clipboard, which could be exploited by malicious users to crash an affected system or potentially execute arbitrary code with kernel privileges.
The flaw is confirmed on fully patched Microsoft Windows 7, Windows Server 2008 SP2, Windows Server 2003 SP2, Windows Vista SP2, and Microsoft Windows XP SP3.
Microsoft is investigating.
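The bug class the advisory describes, a length field from untrusted bitmap data used directly as a copy counter, is closed by bounding that field against the bit depth and the bytes actually present. The following is an added illustration, not code from Win32k.sys or from VUPEN; `dib_header`, `rgbquad`, `PALETTE_MAX` and `copy_dib_palette` are hypothetical names, and the structure is a portable mirror of `BITMAPINFOHEADER`.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Portable mirror of the 40-byte Win32 BITMAPINFOHEADER layout. */
typedef struct {
    uint32_t biSize;
    int32_t  biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} dib_header;
typedef struct { uint8_t b, g, r, reserved; } rgbquad;
#define PALETTE_MAX 256u   /* largest colour table an 8-bpp DIB can carry */

/* Hypothetical helper: copy the colour table that follows the header of an
 * untrusted DIB blob into out[PALETTE_MAX]. Returns the entry count, or -1
 * if the header is inconsistent. The unsafe pattern is a copy loop bounded
 * only by hdr.biClrUsed, a value chosen by whoever produced the data. */
int copy_dib_palette(const uint8_t *blob, size_t blob_len, rgbquad out[PALETTE_MAX])
{
    dib_header hdr;
    if (blob_len < sizeof hdr) return -1;
    memcpy(&hdr, blob, sizeof hdr);              /* avoid unaligned reads */
    if (hdr.biSize < sizeof hdr || hdr.biSize > blob_len) return -1;
    if (hdr.biBitCount != 1 && hdr.biBitCount != 4 && hdr.biBitCount != 8)
        return -1;                               /* palettised depths only */

    uint32_t limit = 1u << hdr.biBitCount;       /* 2, 16 or 256 entries */
    uint32_t count = hdr.biClrUsed ? hdr.biClrUsed : limit; /* 0 = full table */
    if (count > limit) return -1;                /* counter exceeds bit depth */
    if ((size_t)count * sizeof(rgbquad) > blob_len - hdr.biSize)
        return -1;                               /* table runs past the blob */
    memcpy(out, blob + hdr.biSize, (size_t)count * sizeof(rgbquad));
    return (int)count;
}

int main(void)
{
    /* Constructed sample: 4-bpp header claiming 0x10000 palette entries. */
    uint8_t blob[sizeof(dib_header) + 16 * sizeof(rgbquad)] = {0};
    dib_header h = {0};
    h.biSize = sizeof h; h.biBitCount = 4; h.biClrUsed = 0x10000;
    memcpy(blob, &h, sizeof h);
    rgbquad pal[PALETTE_MAX];
    return copy_dib_palette(blob, sizeof blob, pal) == -1 ? 0 : 1;
}
```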
Talkback
RE: Windows 7 dinged by new zero-day vulnerability
Lovie, maybe it's time you got off the Microsoft merry-go-round and joined everyone else in the real world of computing. Your voice is starting to sound like an over redundant message recording. Time to finally give it a rest, Lovie.
RE: Windows 7 dinged by new zero-day vulnerability
Just be happy that he isn't on a rant about how this vulnerability should never have been made publicly known until Microsoft had had at least a year or two to bring a patch out. VUPEN Security should be vilified. Arkon, at the very least, placed in stocks, blacklisted and so on.
After all, Lovie runs Windows since it is the ONLY secure operating system. It's terribly unkind of anyone to disturb that fantasy and force him to face the reality that no OS is completely secure and bugfree.
Kinda reminds me of a columnist (easily identified by his Windows logo tattoo) who never admitted to having any problems with Windows 3.1/3.11 until after the release of Windows 95 when he suddenly admitted to having had problems with 3.1/3.11.
RE: Windows 7 dinged by new zero-day vulnerability
Not to defend Loverock, but since when did the real computer world only consist of 10-14% of all PCs? For a fake PC it can do everything I need it to do without problems day in and day out.
News Flash...
Given Windows has a 90 odd% grip on market share, sounds a LOT like you have that bass ackwards...
For what it's worth - he DOES have a point.
For what it's worth.. he doesn't.
But I suspect you knew that really.
RE: Windows 7 dinged by new zero-day vulnerability
What pray tell reality are you speaking of? OSS?? HAHAHAHAH Less than 1 market share. Mac? 15% and stalled. That is the state of the desktop computing. Cell phones are not computers, netbooks are not computers, the ipud is not a computer. So, what reality are you speaking of? soyousaidie?
Local attackers may sit in China
A compromised Firefox process is a "local user".
It's obvious..
..Ah, I just got it, you could never bring yourself to admit that and just couldn't help your shilling, BS tendencies.
Bad form all round ... so your score is 0/10.
.. yawn -0-
What are you talking about
Since you need reading comprehension classes ..
Take a couple deep breaths.
"End of conversation.
(n.b. I won't be returning to this blog, so save your double-talk for someone who gives a **** about what you say) "
We can only hope you'll keep your promise.
rtk tops himself...
Ahh, didn't recognize you bs23456xx\winbsod
"How do you know FF would be on that machine? Well all know IE8 would be on there by default"
How do ya figure? Every XP install out there now running IE8? Nope.
"honeymonster was being cute by not including that 'little' fact"
Not a fact, one can hope to run into IE, Fx, and chrome, in that order. There's no saying which versions on each machine.
"THX-1138 was being kind to you"
THX-1138 is a clueless troll, I just assumed it was another of your sock puppets.
Still as idiotic as ever
redacted, decided not to feed the troll
You're correct, I'll try harder to ignore 'em.
rtk - too late, you're already pwned
RE: Windows 7 dinged by new zero-day vulnerability
Don't worry, it's coming. I think that in 2012 or so, Microsoft would have conceded defeat for Vista-class (Vista, Vista+ [7] and Vista++ [8]) Operating Systems.
Am sure they will pick up the pieces (30% theoretical marketshare, 15% real) and create a XP SP5 called Windows Desktop Experience (or Legacy) which will come preinstalled on all desktop, laptop and netbooks.
Sadly by that time, slates would have grabbed 50 or so percent of the new market and most of the new apps will be on the cloud or released on App Stores.
Put the hallucinogenic mushrooms down...!
Seriously. If you think slates - such as the iPad - will take over, you've been dippin' into them funny mushrooms too much.
First off, XP is dead. Get over it. It's not being brought back to life.
Secondly, Windows 7 is far from being a has-been. In fact, it seems to be outselling pretty much everything that's come before it.
Third, Slates - as demonstrated by the iPad - are extremely limited in what they can do. They may become an extension of desktop or laptop systems, but they have a LONG way to go to replace them. Keyboards and mice are far too useful interface-wise to be replaced by a virtual replacement.