Security Bytes

Aug 9 2010   6:28PM GMT

New Windows vulnerability reported



Posted by: Marcia Savage
Tags: Kernel flaws, Microsoft Security, Microsoft Windows

New flaw is a moderate risk and targets the Windows Kernel.

Security researchers reported a new Windows vulnerability that could allow attackers to gain elevated privileges on vulnerable machines.

Security research firm VUPEN Security said it confirmed the vulnerability on fully patched Windows 7 systems, and machines running Windows Server 2008 SP2, Windows Server 2003 SP2, Windows Vista SP2, and Windows XP SP3.

Microsoft is investigating “reports of a possible vulnerability in Windows Kernel,” Jerry Bryant, Microsoft group manager of response communications, said in an emailed statement. “Upon completion of the investigation, Microsoft will take appropriate actions to protect customers,” he said.

According to VUPEN, the Windows vulnerability is caused “by a buffer overflow error in the ‘CreateDIBPalette()’ function within the kernel-mode device driver ‘Win32k.sys’ when using the ‘biClrUsed’ member value of a ‘BITMAPINFOHEADER’ structure as a counter while retrieving Bitmap data from the clipboard.”

The flaw, which the company rated as a moderate risk, could be exploited by an attacker to crash a system or execute arbitrary code with kernel privileges. Security provider Secunia rated the vulnerability, which was discovered by a researcher going by the name of “Arkon,” as “less critical,” just one step above the company’s “not critical” rating.
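The bug class in VUPEN's description, a count field taken from untrusted bitmap data and used as a loop or copy counter, is closed by validating that field against the bit depth and both buffers before any copy. The following is an added user-space illustration, not code from Win32k.sys, VUPEN or Microsoft; `dib_header`, `rgbquad` and `copy_palette_checked` are hypothetical names, the struct models only the fields needed for palette sizing, and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for BITMAPINFOHEADER / RGBQUAD (assumption: only the
   fields relevant to palette sizing are modelled). */
typedef struct { uint32_t biSize; uint16_t biBitCount; uint32_t biClrUsed; } dib_header;
typedef struct { uint8_t b, g, r, reserved; } rgbquad;

/* Hypothetical helper: copy the colour table that follows the header into
   `out`. Returns the number of entries copied, or -1 when the header does not
   agree with the bit depth, the destination size, or the source length. */
int copy_palette_checked(const dib_header *hdr,
                         const uint8_t *table, size_t table_len,
                         rgbquad *out, size_t out_cap)
{
    if (!hdr || !table || !out) return -1;
    /* Only palettised depths carry a colour table. */
    if (hdr->biBitCount != 1 && hdr->biBitCount != 4 && hdr->biBitCount != 8)
        return -1;

    uint32_t max_colors = 1u << hdr->biBitCount;   /* 2, 16 or 256 */
    /* biClrUsed == 0 means "use the maximum for this bit depth". */
    uint32_t count = hdr->biClrUsed ? hdr->biClrUsed : max_colors;

    if (count > max_colors) return -1;                           /* untrusted counter */
    if (count > out_cap) return -1;                              /* destination bound */
    if ((size_t)count * sizeof(rgbquad) > table_len) return -1;  /* source bound */

    memcpy(out, table, (size_t)count * sizeof(rgbquad));
    return (int)count;
}

int main(void)
{
    static const uint8_t table[256 * sizeof(rgbquad)] = {0}; /* constructed colour table */
    rgbquad out[256];
    dib_header sane    = { 40, 8, 16 };       /* constructed: 16 colours at 8 bpp */
    dib_header hostile = { 40, 8, 0x10000 };  /* constructed: count far beyond 256 */

    printf("sane header:      %d\n",
           copy_palette_checked(&sane, table, sizeof table, out, 256));
    printf("oversized header: %d\n",
           copy_palette_checked(&hostile, table, sizeof table, out, 256));
    return 0;
}
```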

<<<<<<<< AUG 11 UPDATE >>>>>>>>>>>>

A Microsoft spokesman said engineers have determined the Windows Kernel zero-day to be a low-level threat that will be addressed in a future security update.
