News Stay informed about the latest enterprise technology news and product updates.

Microsoft to address low-level Windows kernel flaw in future update

Microsoft engineers have determined that a new Windows kernel zero-day vulnerability cannot be exploited remotely.

Microsoft engineers have determined that a new Windows kernel zero-day vulnerability poses very little threat to...


Security research firm VUPEN Security, based in France, issued an advisory late last week about the Windows kernel flaw and warned that the bug could be exploited by attackers to crash a system or potentially gain elevated privileges. The vulnerability affects Windows XP, Windows Vista, Windows 7 and Windows Server 2008 and 2003 systems.

"The vulnerability poses very little risk," Jerry Bryant, group manager of Microsoft Response Communications, said in a post at the Microsoft Security Response Center blog. According to Bryant, Microsoft engineers have determined that the vulnerability could only be exploited locally by a person who has obtained an account on the targeted system.

"For this issue to be exploited, an attacker must have valid logon credentials on the target system and be able to log on locally, or must already have code running on the target system," Bryant said. "The vulnerability cannot be exploited remotely, or by anonymous users."

Bryant said the issue would be addressed in a future security update.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.