Send tip

Category: Software

Flaw on Windows System is Having a Fix

Written on August 10, 2010 by Adam Eve

0 person

The win32k.sys bug is like the jailbreak technology. Only, it's not used on iPhone or any other Apple devices, it's use to crash your PC. There's no available patch yet, but it's better that users know.

Israeli researcher Gil Dabah published last Friday a new flaw that allows all current supported versions of the OS to be crashed. This bug permits a local user to cause a system to suffer a blue-screen. This may also allow attackers to run code with privileges of their choice. The -mode component bug named handles many features like window management and 2D graphics. But this flaw specifically handles the system clipboard. A malformed data will be placed on the clipboard, making the system to corrupt the screen then and there.

The component in question did not run in kernel mode back in the early days of Windows. It was only moved for the Windows NT 4 to make the 2D desktop graphics substantially faster. Since then, win32k.sys remained in kernel mode. As a result, it affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 (both x86 and x64). So far, has fixed a number of similar flaws in the Windows kernel. If the exploit can reach to a point where an attacker is allowed to execute arbitrary code, then — with a regular user account — it can increase his privileges. Still, the ability to log-in is required. However, it makes the flaw more useful because it allows the assailant to crack system sandboxes — like those used in Chrome and IE.

This is the technique precisely used to jailbreak iPhone and other devices. But as Windows XP is starting to be obsolete and sandboxing is starting to be become common, typical attacks on the Windows system in an attempt to escalate privileges is not that bothering. It’s no longer worth the effort due to the widespread use of Windows XP and users running with full Administrator rights.

View Article Source »

Related articles


View all