Microsoft engineers have determined that a new Windows kernel zero-day vulnerability poses very little threat to users.
Security research firm VUPEN Security, based in France, issued an advisory late last week about the Windows kernel flaw and warned that the bug could be exploited by attackers to crash a system or potentially gain elevated privileges. The vulnerability affects Windows XP, Windows Vista, Windows 7 and Windows Server 2008 and 2003 systems.
"The vulnerability poses very little risk," Jerry Bryant, group manager of Microsoft Response Communications, said in a post at the Microsoft Security Response Center blog. According to Bryant, Microsoft engineers have determined that the vulnerability could only be exploited locally by a person who has obtained an account on the targeted system.
"For this issue to be exploited, an attacker must have valid logon credentials on the target system and be able to log on locally, or must already have code running on the target system," Bryant said. "The vulnerability cannot be exploited remotely, or by anonymous users."
Bryant said the issue would be addressed in a future security update.