News

Microsoft Investigating Windows Proof-of-Concept Flaw

Microsoft noted last week that its security team is looking into an elevation-of-privilege exploit affecting Windows-based systems.

The company released very little information, except for a brief Nov. 24 notice on its Twitter security response page. The flaw was disclosed after someone posted proof-of-concept code on a "programming education site," according to Chester Wisniewski, senior security advisor at Sophos Canada, in a blog post. The code was subsequently removed, he noted.

The flaw enables elevation-of-privilege from a local user account level to the system account level. It also bypasses the user account control (UAC) protection found in Windows Vista and Windows 7, Wisniewski explained. He described it as a Win32k.sys bug.

"The flaw is related to the way in which a certain registry key is interpreted and enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system," he wrote in the blog.

In addition to Vista and Windows 7, other Windows operating systems (both 32-bit and 64-bit) are subject to the flaw, including Windows XP, Windows Server 2008 and Windows Server 2003, according to a post by Prevx blogger Marco Giuliani. He explained that the flaw cannot be exploited via remote code execution.

"It is a local privilege escalation exploit," Giuliani wrote. "This means that the potential malware must be already in the target machine to exploit this flaw." However, he described it as a critical flaw because it enables the local user to gain administrative privileges.

Microsoft hasn't rated the exploit nor said when, or if, it would provide a fix. Both antimalware vendors offered some advice in their blogs to avoid the zero-day flaw. The advice includes altering the registry for standard users or downloading security software.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.