Topics:
New Windows kernel bug surfaces days before Microsoft's largest Patch Tuesday
A new Windows flaw has been discovered, potentially causing all currently-supported versions of the Windows operating system to crash. The finding was published last Friday by Israeli researcher Gli Dabah, and comes just before Microsoft's (NASDAQ: MSFT)largest Patch Tuesday ever, today. Microsoft has confirmed the existence of the bug, and is currently investigating.
In a nutshell, the vulnerability involves a "boundary" error in the Win32k.sys, and can be exploited via the use of the "GetClipboardData()" application programming interface (API) to trigger a buffer overflow and subsequent exploit. However, because local access is required to take advantage the flaw, the bug has been assigned an "Important" rating by security group Secunia.
The fact that it is a kernel bug means that a malware run under a local account will be able to break out of any restrictions or sandboxes to gain elevated privileges. Essentially, this is not something any system administrators will want on their machines, regardless of the fact that it's not classified as "critical."
This isn't the first time that similar flaws have been found in the Windows kernel, according to Ars Technica. In fact, at least one researcher suggested that Windows have not gone for more than a few days this year without a known flaw such as this one.
As I observed in my commentary, "New iPhone jailbreak and Microsoft LNK vulnerability have much in common," from last Friday, new security weaknesses are constantly being uncovered and exploited. As such, administrators need to be even more fastidious in implementing security in their organizations.
For more on this story:
- check out the article at eWeek
- check out the article at Ars Technica
Related Articles:
Microsoft to issue record number of security bulletins next Tuesday
New iPhone jailbreak and Microsoft LNK vulnerability have much in common
Microsoft releases temporary workaround for Windows Shell flaw
Security vulnerabilities continue to inundate software vendors
Microsoft to patch XP Help hole, four other vulnerabilities next Tuesday
Comments