Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Microsoft has confirmed a privilege-escalation vulnerability in the Windows kernel, one day after a Google engineer posted details of the flaw to the Full Disclosure mailing list. Jerry Bryant, senior security program manager at Microsoft, said in a blog post that the bug affects all supported versions of 32-bit Windows, while 64-bit versions, which includes Windows Servers 2008 R2, are not impacted. In addition, the vulnerability is difficult to exploit, he said. As a result, Microsoft deems the risk to users to be low, and the software giant is not aware of any public attacks exploiting the flaw. "To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said. "An attacker could then elevate their privileges to the administrative level and run programs of their choice on the system.As users await a patch — Microsoft's next security update is due out February 9 — they can disable the NT Virtual DOS Mode (NTVDM) subsystem if they do not require NTVDM or support for 16-bit applications, he said.Microsoft's disclosure of the zero-day vulnerability comes one day before Microsoft was set to release an emergency fix for a dangerous Internet Explorer hole that has been leveraged in the widely publicised Chinese espionage attacks on Google and other high-profile companies. See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.