New major security scare for Windows

Started by Rik, Nov 25, 2010, 09:46:47

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Rik

El Reg reports that:

QuoteAntimalware provider Prevx has sounded the alarm about a serious vulnerability in fully patched versions of Microsoft Windows. It allows attackers to execute malware, even in versions designed to withstand such exploits.

Technical details have already been published on a Chinese forum, leading to speculation that it won't be long before attackers exploit it in the wild.

"This could potentially become a nightmare due to the nature of the flaw," Prevx researcher Marco Giuliani wrote here. "We expect to see this exploit being actively used by malwares very soon – it's an opportunity that malware writers surely won't miss."

The flaw resides in the win32k.sys part of the Windows kernel and results from an API known as NtGdiEnableEUDC that fails to properly vet user input for harmful content. Attackers can exploit the bug to redirect overwritten return memory addresses to malicious code, which is then executed with kernel mode privileges. As a result, the flaw allows even users or processes with limited privileges to execute code will elevated rights.

"Being a privilege escalation exploit, it bypasses by design even the protection given by the User Account Control technology implemented in Windows Vista and Windows 7," Giuliani said. "All Windows XP/Vista/7 both 32 and 64 bit are vulnerable to this attack."

Microsoft "is aware of the issue and it is under investigation," according to a statement, which a spokeswoman attributed to Jerry Bryant, Group Manager of the company's Response Communications.

Bring back the BBC Micro!
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Glenn on Nov 25, 2010, 09:57:48
Time you moved to 64 bit OS.
Even that's not completely safe Glenn  :(
Damned, if you do damned if you don't

Glenn

Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Glenn on Nov 25, 2010, 10:03:17
No OS will ever be sadly.
Very true Glenn, right now it just seems to be getting a whole lot worse quite quickly though, saying that this time of year is know for it.
Damned, if you do damned if you don't

pctech


DarkStar

Link to the Prevx blog by Marco on this, they will have a fix in the next couple of days.

http://www.prevx.com/blog.asp

No good going to 64 bit, thats as vulnerable as 32 bit with this one.
Best move to Linux  ;)
Ian

D-Dan

Quote from: DarkStar on Nov 25, 2010, 11:33:19
No good going to 64 bit, thats as vulnerable as 32 bit with this one.
Best move to Linux  ;)

I'm glad someone else said it this time; I was starting to sound repetitive  :red:

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

JB

JB

'Keyboard not detected ~ Press F1 to continue'

DarkStar

Update: Prevx have now released an update that protects it's users

http://www.prevx.com/blog/162/Windows-day-exploit-QA-session.html

Quick work  :thumb:
Ian

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Niall

Quote from: Rik on Nov 25, 2010, 09:46:47
El Reg reports that:

Bring back the BBC Micro!

I've got an Acorn Electron somewhere in the house :D
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Rik

It's worth more than you paid for it. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Quick question about Prevx if I may as am not too familiar with the product.

Is the on access scanner enabled in the free edition and if so is this for a limited period only?


Gary

Quote from: pctech on Nov 27, 2010, 00:09:03
Quick question about Prevx if I may as am not too familiar with the product.

Is the on access scanner enabled in the free edition and if so is this for a limited period only?


The free edition will pinpoint infection without a time limit Mitch, but to use it to remove malware by letting it downloading the tools it needs, and to monitor where you surf with safe online you need a sub.
Damned, if you do damned if you don't

pctech

Cheers Gary.

I'll have to cough up then.


pctech

Coughed up for a 12 month Prevx licence last night as seems a really good product.

Ran a full scan and it picked up three pieces of what it termed as cloaked malware that MSE completely missed.

Gary

Quote from: pctech on Dec 02, 2010, 10:47:37
Coughed up for a 12 month Prevx licence last night as seems a really good product.

Ran a full scan and it picked up three pieces of what it termed as cloaked malware that MSE completely missed.
If you ever think you have a false positive Mitch the forum on Wilders is great, and you can talk directly to the guys who came up with the program who will do what they can to sort the issues out, they even will do remote sessions if you have conflicts to see what's going on  :thumb:
Damned, if you do damned if you don't

pctech

Cheers, I did join a while ago and they seem quite good on there.


Niall

You know, I have to wonder if this sort of thing is just to promote anti malware companies, or to get people to buy more 64bit operating systems.
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

DorsetBoy

Quote from: Niall on Dec 02, 2010, 19:09:28
You know, I have to wonder if this sort of thing is just to promote anti malware companies, or to get people to buy more 64bit operating systems.

Why when it affects both 32 and 64 bit versions of Windows?

Niall

Oops, I thought it was just 32bit. That's what you get when reading a thread and looking at AV update lists at the same time ;D
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy