Zero Day Bug Bypasses Windows User Account Control
Local buffer overflow vulnerability tricks Microsoft operating systems into granting an attacker system-level user privileges.
Multiple versions of Microsoft Windows are vulnerable to a previously undisclosed, zero-day buffer-overflow vulnerability that would allow an attacker to gain system-level privileges and take control of the PC.
According to security research firm Vupen, "this issue is caused by a buffer overflow error within the 'win32k.sys' driver when processing certain registry values stored as 'reg_binary,' which could allow unprivileged users to crash an affected system or execute arbitrary code with kernel (system) privileges," by modifying registry values related to end-user-defined characters (EUDC) for fonts.
According to security researcher Chester Wisniewski at Sophos, an attacker can use the EUDC-related key "to impersonate the system account, which has nearly unlimited access to all components of the Windows system."
Details of the vulnerability, together with proof-of-concept code, have been publicly disclosed, meaning it's only a matter of time before actual exploits appear. Microsoft has acknowledged the vulnerability, but noted that an attacker would need local access to exploit it.
Vupen rates the vulnerability as being of "moderate" risk, and said it confirmed the bug exists in Windows 7, Windows Server 2008 SP2, and Windows Vista SP2. While it also affects Windows XP and Windows 2003, executing the attack on those operating systems would be relatively difficult.
The security firm Prevx, which originally brought the flaw to light, said that one of the biggest security risks is that the bug allows attackers to bypass User Account Control (UAC) safeguards and take "full control of the system." Microsoft added UAC to Windows Vista and 7 specifically to prevent these types of privilege-escalation attacks.
While no patch is yet available, Sophos' Wisniewski supplied a "somewhat complicated" workaround. It uses Regedit to alter a registry value related to EUDCs for fonts so that the bug can no longer be exploited. The fix may, however, break multilingual Windows installations.
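The article says only that the vulnerable code parses REG_BINARY values under an "EUDC-related key" and that the workaround restricts that key; the PowerShell audit below is an added example (not code from the article, Sophos, Vupen or Prevx) that lists the REG_BINARY values under the current user's EUDC hive and shows which principals hold write rights on it. The path HKCU:\EUDC and the 512-byte threshold are assumptions made for this example.

```powershell
# Added example, not from the article. Audits the current user's EUDC registry
# key for REG_BINARY values (the value type the article says win32k.sys parses)
# and reports who may write to the key. HKCU:\EUDC is assumed; the article
# only refers to "a registry value related to EUDCs for fonts".
$EudcRoot = 'HKCU:\EUDC'
$MaxExpectedBytes = 512   # heuristic threshold chosen for this example

function Get-EudcBinaryValues {
    param([string]$Root = $EudcRoot)
    if (-not (Test-Path $Root)) { return @() }
    # The root key plus every subkey (one subkey per code page)
    $keys = @(Get-Item $Root) + @(Get-ChildItem $Root -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::Binary) { continue }
            $bytes = $key.GetValue($name)
            $display = if ($name) { $name } else { '(Default)' }
            [pscustomobject]@{
                Key        = $key.Name
                ValueName  = $display
                Length     = $bytes.Length
                Oversized  = $bytes.Length -gt $MaxExpectedBytes
            }
        }
    }
}

function Get-EudcWriters {
    # Principals that can modify values under the key; the Sophos workaround
    # described in the article works by tightening exactly this access.
    param([string]$Root = $EudcRoot)
    if (-not (Test-Path $Root)) { return @() }
    (Get-Acl $Root).Access |
        Where-Object { $_.RegistryRights -match 'SetValue|WriteKey|FullControl' } |
        Select-Object IdentityReference, RegistryRights, AccessControlType
}

Get-EudcBinaryValues | Format-Table -AutoSize
Get-EudcWriters      | Format-Table -AutoSize
```

Run it before and after applying a workaround to confirm that the write rights on the key actually changed; an oversized REG_BINARY value is a prompt to investigate, not proof of an attack.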