Another zero-day vulnerability in the Windows kernel
Prevx is reporting that an exploit for a previously unknown security vulnerability in Windows' win32k.sys kernel mode driver has been published on a Chinese forum. The vulnerability allows attackers who have penetrated a system to escalate their privileges. This can, for example, be used to insert a rootkit deep in the operating system. According to Prevx, the vulnerability affects both the 32-bit and 64-bit versions of Windows XP, Vista and Windows 7. Vupen reports that Windows 2008 SP2 is also vulnerable to this attack.
A stack overflow in the NtGdiEnableEUDC function allows an attacker to inject a return address pointing to his own code. This code can then be executed with system privileges. Microsoft is working on a solution, but no patch is available at present.
An exploit for an old vulnerability in the Windows task planner was published just a few days ago. A critical vulnerability in Internet Explorer versions up to and including version 8 also remains unpatched – various hot-fixes are available for the latter. It's not yet clear when Microsoft will be able to fix the vulnerabilities. The next scheduled patch day is the 14th of December.
See also:
- Internet Explorer hole: attacks are likely to increase, a report from The H.
(crve)