|
|
|
|
|
| Vulnerability in Windows Kernel Could Allow Elevation of Privilege |
|
Search
|
|
|
|
Security News
|
|
 |
Mathew J. Schwartz, InformationWeek |
2010-08-27 14:11:17 |
Email and peer-to-peer networks also rank as significant venues for malware attacks, which have increased slightly in the U.S. but declined in Europe, according to Panda Security. |
|
 |
Hugo Jean, Heptacube Inc. |
2010-08-24 14:51:53 |
The motivation behind the $7.68 billion deal is unclear, but Intel says it wants to integrate computer security into its hardware. |
|
|
IT Directory
|
| Wiseleap Solutions Inc. | |
|
Founded in 2005, Wiseleap Solutions Inc.'s mission consists in providing companies with the information necessary to make cri [...]
|
| IT Ration Consulting Inc. | |
|
IT-Ration Consulting inc has been a NetSuite Partner since 2005 and helps your enterprise grow by aligning your Information T [...]
|
| HumanWare | |
|
Empowering People
Focused on enhancing the lives of people with visual and learning disabilities, HumanWare provide [...]
|
|
|
|
By Hugo Jean, Heptacube Inc.
|
 |
|
2010-01-22 12:16:02
|
Microsoft released a security advisory to present a vulnerability that was first found in June 2009 by a Google security team member, Tavis Ormandy. Microsoft took a lot of time for releasing the advisory, but at least the danger of the vulnerability is considered very low.
The vulnerability permits an elevation of privilege on a Windows machine that is not x64- or Itanium-based. The problem has to do with the DOS Virtual Machine (NTDVM) not properly handling certain exceptions. Even though NT and its vulnerability have been around for 17 years, there is no known exploit of it. The thing is the attack would have to come from the internal network, from a user with legitimate login credentials. If such a user was to access a vulnerable machine, he would be able to obtain administrator privileges and get the computer to stop responding and restart through a specially crafted DOS application.
There is a workaround to the vulnerability for preventing intrusions while waiting for a patch by Microsoft. By accessing "gpedit.msc" through the Run... dialog box and enabling "Prevent access to 16-bit applications", the malicious applications will not be able to run. Of course, it will also block other 16-bit applications from running, but these are quite rare these days so it should be a minor annoyance.
The security advisory does not precise wether the vulnerability will be addressed within the regular Patch Tuesday updates or with an out-of-band patch.
|
|
Tags |
kernel Microsoft MS-DOS NT NTVDM vulnerability Windows |
