Windows Vulnerability Helps Malware to Evade UAC
Antimalware vendor Prevx has raised a warning about a critical flaw in fully patched versions of Microsoft Windows. The flaw helps cybercriminals execute malware even on versions designed to resist such exploits, as reported by The Register on November 25, 2010.
Commenting on the issue, Marco Giuliani, Malware Technology Specialist and researcher at Prevx, stated that this was a critical vulnerability because it is located in win32k.sys, the kernel-mode part of the Windows subsystem. He further stated that it was a privilege escalation exploit that allows even limited user accounts to execute arbitrary code in kernel mode, as reported by PC PRO on November 25, 2010.
The Windows System account is used by the operating system itself and has privileges comparable to those of an Administrator account. Cybercriminals can use the bug to redirect overwritten return addresses to malicious code. This permits nearly unrestricted access to all Windows components, which makes it a critical security risk.
Marco further added that, being a privilege escalation exploit, it bypasses by design even the protection provided by the User Account Control and Limited User Account technologies implemented in Windows Vista and Windows 7, as reported by The Register on November 25, 2010. Moreover, he highlighted that all Windows XP, Vista and 7 versions, both 32-bit and 64-bit, are at serious risk and can be exploited by this attack. While the API-based vulnerability has been posted on a Chinese message board, Prevx has not observed any attacks so far.
Giuliani added that this vulnerability could become truly frightening given its nature. He stated that they expect to soon see the exploit actively used by malware, as this is a golden opportunity that malware authors definitely won't miss.
In addition, Paul Ferguson, Senior Threat Researcher at Trend Micro, stated that the timing of this vulnerability was critical given that the holidays are approaching, as reported by ITPRO on November 26, 2010. He highlighted that, with users spending more time online searching for discounts and other deals, it may become easier for cybercrooks to distribute malware that exploits the zero-day flaw.
According to a statement that a spokeswoman attributed to Jerry Bryant, Group Manager of the company's Response Communications, Microsoft was aware of the matter and is investigating the issue, as reported by The Register on November 26, 2010.
SPAMfighter News - 08-12-2010