New zero-day vulnerability in 64-bit Windows 7 under investigation

Microsoft (NASDAQ: MSFT) is currently investigating a new security flaw that security vendor Secunia has confirmed exists in the 64-bit version of Windows 7 Professional. According to a report on PCWorld, the flaw stems from an error in the win32k.sys kernel-mode driver, and it shows up as a blue screen of death (BSOD) when a specially crafted iframe attribute is parsed in the Safari web browser.

While the presence of Safari seems to point towards a flaw from Apple (NASDAQ: AAPL), a modern operating system like Windows 7 isolates application software in user mode, which should have prevented the browser from taking down the operating system in an unrecoverable BSOD. Moreover, fixing the problem in Safari would be a stopgap measure at best, since the underlying vulnerability could still be exploited by hackers in the future to execute arbitrary code with kernel-mode privileges.

No advisory has been published at the time of writing, though Jerry Bryant, group manager for response communications at Microsoft, says the company is investigating and that "we will take appropriate action to best protect our customers." The security flaw does not affect the 32-bit version of Windows 7. For now, a video of the Safari-triggered crash has been uploaded here.

For more:
- check out this article at PC World
- check out this article at Dark Reading
- check out this article at The Register