New 0-day Vulnerability in Windows Circumvents UAC
By on November 26th, 2010

When Microsoft added UAC (User Account Control), the promise was that it will make Windows more secure. Pardon me if I come across as a cynic, but all it seems to be capable of doing is annoying users. Yes, Windows 7 makes UAC a lot more bearable, but it’s still annoying. On top of that, it doesn’t actually do a lot to prevent malware attacks or malicious program execution. To make things even worse, a new flaw has been uncovered that can be used to completely bypass UAC in Windows Vista and 7.

The developers of popular security software Pervx spotted a new 0-day vulnerability being discussed in a Chinese forum. According to them, “This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem. It is a privilege escalation exploit which allows even limited user accounts to execute arbitrary code in kernel mode.”

This flaw basically enables an attacker to execute applications with system (full) privileges. Unfortunately, there is not a lot you can do to keep yourself safe at this point of time. Sophos has suggested a workaround; however, it is not known how effective the proposed safety measure is.

Tags: , , , , ,
Author: Pallab De Google Profile for Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both twitter (@indyan) and facebook .

Pallab De has written and can be contacted at pallab@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN