Exploit Code Out For New Windows Kernel Flaw

Security experts are warning about a newly discovered local privilege escalation bug in the Windows kernel that affects most of the current versions of the operating system, including Vista and Windows 7.

The new Windows kernel bug is considered a critical vulnerability, even though it can't be exploited remotely, because an attacker could use it to gain powerful credentials on a compromised system and take complete control of the machine. Also, there is publicly available exploit code for the bug affecting Windows 7 and Windows Vista. Security firm Prevx said that it had seen exploits in the wild, but that they're not usable against older Windows versions.

The flaw is a stack overflow in the NtGdiEnableEUDC API, which an attacker could use to escalate his privileges once he’s on a system, the company said. There is no patch available for the bug yet.

“This flaw allows all software, even if run from a limited account, to gain system privileges. We see many drive-by attacks, which make use of application exploits to drop malware on vulnerable machines. While there are still a huge number of customers who are used to running their operating system with administrative privileges, most users are using limited accounts or administrator accounts in Admin Approval Mode (User Account Control). Using a limited account gives them a great advantage versus malware, because it limits the vulnerable surface the malware can damage. This 0-day exploit allows a malware that has already been dropped on the system to bypass these limitations and get the full control of the system,” Prevx said in a blog post.

Local vulnerabilities typically aren't considered critical, but the location of the EnableEUDC bug and the availability of exploit code have heightened the level of concern.
