Another zero-day vulnerability in the Windows kernel
Prevx is reporting that an exploit for a previously unknown security vulnerability in Windows' win32k.sys kernel mode driver has been published on a Chinese forum. The vulnerability allows attackers who have penetrated a system to escalate their privileges. This can, for example, be used to insert a rootkit deep in the operating system. According to Prevx, the vulnerability affects both the 32-bit and 64-bit versions of Windows XP, Vista and Windows 7. Vupen reports that Windows 2008 SP2 is also vulnerable to this attack.
A stack overflow in the NtGdiEnableEUDC function allows an attacker to inject a return address pointing to his own code. This code can then be executed with system privileges. Microsoft is working on a solution, but no patch is available at present. An exploit for an old vulnerability in the Windows task planner was published just a few days ago. A critical vulnerability in Internet Explorer versions up to and including version 8 also remains unpatched – various hot-fixes are available for the latter. It's not yet clear when Microsoft will be able to fix the vulnerabilities. The next scheduled patch day is the 14th of December.
- Internet Explorer hole: attacks are likely to increase, a report from The H.