Patch Management

Microsoft confirms low-risk zero-day in Windows kernel

January 21, 2010

Microsoft has confirmed a privilege-escalation vulnerability in the Windows kernel, one day after a Google engineer posted details of the flaw to the Full Disclosure mailing list.

Jerry Bryant, senior security program manager at Microsoft, said in a blog post Wednesday evening that the bug affects all supported versions of 32-bit Windows, while 64-bit versions, which includes Windows Servers 2008 R2, are not impacted.

(The difference in bits refer to the ways in which computer processors handle information).

In addition, the vulnerability is difficult to exploit, he said. As a result, Microsoft deems the risk to users to be low, and the software giant is not aware of any public attacks exploiting the flaw.

"To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said. "An attacker could then elevate their privileges to the administrative level and run programs of their choice on the system.

As users await a patch — Microsoft's next security update is due out Feb. 9 — they can disable the NT Virtual DOS Mode (NTVDM) subsystem if they do not require NTVDM or support for 16-bit applications, he said.

Microsoft's disclosure of the zero-day vulnerability comes one day before Microsoft was set to release an emergency fix for a dangerous Internet Explorer hole that has been leveraged in the widely publicized Chinese espionage attacks on Google and other high-profile companies.

prestitial ad