Patch Management

Google engineer finds Windows kernel bug

January 19, 2010
A security engineer on Tuesday posted details about an unpatched Windows kernel vulnerability. The flaw affects all versions of the operating system and can result in privilege escalation, according to an advisory posted to the Full Disclosure mailing list by Google engineer Tavis Ormandy. A successful exploit can allow an attacker to change the address for the kernel stack. Ormandy was responsible for reporting the lone vulnerability patched in last week's Microsoft security update. A Microsoft spokeswoman had no immediate comment. — DK
prestitial ad