8 Elements of Complete Vulnerability Management
Eight essential elements to help reduce your vulnerability to hackers.
An unpatched vulnerablity in the Windows kernel could allow attackers to bypass the User Account Control to gain control of a PC, reports Computerworld.
According to Sophos researcher Chet Wisniewski, who calls the bug a potential "nightmare," the vulnerability exists in the "win32k.sys" file and affects all versions of Windows, including XP, Vista, Server 2003, Windows 7 and Server 2008.
Microsoft is investigating the issue, but stresses:
Because this is a local elevation-of-privilege issue, it requires attackers to be already able to execute code on a targeted machine.
Computerworld explains why an exploit might be difficult:
Attackers would have to combine the exploit with other malicious code that takes advantage of another vulnerability on the machine-not necessarily one in Windows, but in any commonly-installed application, such as Adobe Reader, for example-to hijack a PC and bypass UAC.