Article

Microsoft to address low-level Windows kernel flaw in future update

SearchSecurity.com Staff

Microsoft engineers have determined that a new Windows kernel zero-day vulnerability poses very little threat to users.

Security research firm VUPEN Security, based in France, issued an

    Requires Free Membership to View

advisory late last week about the Windows kernel flaw and warned that the bug could be exploited by attackers to crash a system or potentially gain elevated privileges. The vulnerability affects Windows XP, Windows Vista, Windows 7 and Windows Server 2008 and 2003 systems.

"The vulnerability poses very little risk," Jerry Bryant, group manager of Microsoft Response Communications, said in a post at the Microsoft Security Response Center blog. According to Bryant, Microsoft engineers have determined that the vulnerability could only be exploited locally by a person who has obtained an account on the targeted system.

"For this issue to be exploited, an attacker must have valid logon credentials on the target system and be able to log on locally, or must already have code running on the target system," Bryant said. "The vulnerability cannot be exploited remotely, or by anonymous users."

Bryant said the issue would be addressed in a future security update.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: