Windows 0-day circumvents UAC
Windows zero-day vulnerabilities have lately been discovered too often for Microsoft’s – and users’ – liking. Unfortunately for all of us, details of yet another one have been disclosed on a Chinese board.
Prevx reports that the flaw affects a Windows API and that an attacker can use it to elevate his system privileges and run arbitrary code in kernel mode.
“Win32k.sys’s NtGdiEnableEUDC API is not rightly validating some inputs, causing a stack overflow and overwriting the return address stored on the stack,” says Prevx’s Marco Giuliani. “Being a privilege escalation exploit, it bypasses by design even the protection given by the User Account Control and Limited User Account technology implemented in Windows Vista and Windows 7. All Windows XP/Vista/7 both 32 and 64 bit are vulnerable to this attack.”
So far, there has been no news of the vulnerability being exploited in the wild, but you can be sure that will change very soon, since details of the flaw have been made public. Hopefully, Microsoft will manage to issue a patch before it is widely exploited.