Details of a zero-day vulnerability affecting Windows 7, as well as Windows Vista and Windows XP, have been published in the wild.
A security company called Prevx, with the help of some Chinese forum users, has found a zero-day exploit for Windows that bypasses User Account Control, one of the operating system’s primary security features.
The problem is in a file called win32k.sys. It is a “local privilege escalation exploit,” which can be exploited on a machine that already has malware installed. The bug primarily affects users of Windows 7 and Windows Vista, though Prevx reports that the flaw is also present in Windows XP and Windows Server 2003, 2008, and 2008 R2. Microsoft has been alerted to the problem but has not yet issued a fix. The company sometimes issues out-of-band patches for zero-day exploits, but usually such security fixes are issued via Windows Update on “Patch Tuesday,” which is the second Tuesday of every month.

User Account Control was one of Windows Vista’s most controversial new features when it launched in 2006 – it kept users more secure by requiring confirmation when a change was being made to the system, but it did so via countless confirmation prompts that many users turned off or simply ignored.
The feature was dialed back in Windows 7 by default to encourage more people to leave it on, and these efforts largely succeeded. UAC still pops up when a third-party program or plugin wants to make a change to the system, but no longer requires confirmation when working with things built into the operating system (such as most of the Control Panel applets).
As always, we recommend that you keep your system up-to-date with Windows and/or Microsoft Update, and with a good anti-malware product. If you don’t already have one, Microsoft’s Security Essentials product provides decent free virus protection to all genuine Windows users.
Sources: Prevx

