Microsoft to address low-level Windows kernel flaw in future update

Microsoft engineers have determined that a new Windows kernel zero-day vulnerability cannot be exploited remotely.

Microsoft engineers have determined that a new Windows kernel zero-day vulnerability poses very little threat to users.

Security research firm VUPEN Security, based in France, issued an advisory late last week about the Windows kernel flaw and warned that the bug could be exploited by attackers to crash a system or potentially gain elevated privileges. The vulnerability affects Windows XP, Windows Vista, Windows 7 and Windows Server 2008 and 2003 systems.

"The vulnerability poses very little risk," Jerry Bryant, group manager of Microsoft Response Communications, said in a post at the Microsoft Security Response Center blog. According to Bryant, Microsoft engineers have determined that the vulnerability could only be exploited locally by a person who has obtained an account on the targeted system.

"For this issue to be exploited, an attacker must have valid logon credentials on the target system and be able to log on locally, or must already have code running on the target system," Bryant said. "The vulnerability cannot be exploited remotely, or by anonymous users."

Bryant said the issue would be addressed in a future security update.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close