Microsoft engineers have determined that a new Windows kernel zero-day vulnerability poses very little threat to users.
Security research firm VUPEN Security, based in France, issued an
"The vulnerability poses very little risk," Jerry Bryant, group manager of Microsoft Response Communications, said in a post at the Microsoft Security Response Center blog. According to Bryant, Microsoft engineers have determined that the vulnerability could only be exploited locally by a person who has obtained an account on the targeted system.
"For this issue to be exploited, an attacker must have valid logon credentials on the target system and be able to log on locally, or must already have code running on the target system," Bryant said. "The vulnerability cannot be exploited remotely, or by anonymous users."
Bryant said the issue would be addressed in a future security update.