A new zero-day exploit has been discovered in Windows. The exploit allows an application to elevate its privilege to “system.” In Vista and Windows 7 it also bypasses User Account Control (UAC). This exploit takes advantage of a bug in win32k.sys–part of the Windows kernal–and enables an attacker to impersonate the system account.
This flaw doesn’t execute code on its own, but does allow non-admin accounts to be elevated as if there had administrator powers. To protect yourself, be sure to visit Microsoft Update, as will hopefully patch this bug soon.
You’ll need to determine how serious this is to your particular setup. As long as you’re not prone to viruses, you may not be at immediate risk. But there is always the potential a virus could affect your PC and elevate itself to admin-like powers.
Source: NakedSecurity Blog
No comments yet.