Softpedia
 


August 11th, 2010, 08:10 GMT · By

Microsoft Confirms Local Privilege Escalation Bug



Microsoft says win32k.sys bug can only be used to escalate privileges
Microsoft has confirmed a vulnerability in the win32k.sys kernel-mode driver, which affects all supported versions of the Windows operating system and can be exploited by local attackers to escalate privileges.

The flaw was publicly disclosed by a security researcher last week, and vulnerability research companies had different opinions about its severity.

"The vulnerability is caused due to a boundary error in win32k.sys within the 'CreateDIBPalette()' function when copying colour values into a buffer allocated with a fixed size when creating the DIB palette," Secunia, which rates the bug as less critical, explains.

The flaw got significant media coverage because of reports that it could also allow arbitrary code execution in certain circumstances.

Microsoft set out to investigate the bug and now reports that only local privilege escalation is possible.

"This type of issue allows attackers to gain system-level privileges after they have already obtained an account on the target system.

"For this issue to be exploited, an attacker must have valid log-on credentials on the target system and be able to log on locally, or must already have code running on the target system," Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC), notes.

As a result, the company doesn't plan to issue a security advisory in advance and will address the flaw in a future security update, possibly during next month's Patch Tuesday.

In related news, Microsoft released a batch of updates yesterday, which address eight critical-severity issues, six important-severity ones and four high-priority ones.

Meanwhile, VUPEN, a reputed vulnerability research company, reports that none of the bugs it has discovered in IE, Office or Windows since it stopped sharing information with affected vendors were covered in yesterday's Security Bulletin.

This includes a recently announced flaw which the company says might allow attackers to bypass killbits and re-enable previously blocked ActiveX exploits.

You can follow the editor on Twitter @lconstantin
