Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Vulnerability in all current versions of Windows

by

http://secunia.com/advisories/42356/

Secunia Advisory SA42356

Microsoft Windows win32k.sys Driver “GreEnableEUDC()” Vulnerability

Description

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

The vulnerability is caused due to an error in win32k.sys when processing the “GreEnableEUDC()” function. This can be exploited to overflow the “EntryContext” buffer specified in the “QueryTable” parameter to the “RtlQueryRegistryValues()” function via e.g. a specially crafted “SystemDefaultEUDCFont” registry value.

Successful exploitation allows execution of arbitrary code in the kernel.

Solution

Grant access to trusted users only.

Additional information

http://www.networkworld.com/news/2010/112710-nightmare-kernel-bug-lets-attackers.html

‘Nightmare’ kernel bug lets attackers evade Windows UAC

security

But unpatched bug can’t remotely hijack a PC on its own,

Microsoft says