Windows Kernel Bug Bypasses UAC Security

Kara Reeder

An unpatched vulnerability in the Windows kernel could allow attackers to bypass User Account Control (UAC) to gain control of a PC, reports Computerworld.


According to Sophos researcher Chet Wisniewski, who calls the bug a potential "nightmare," the vulnerability exists in the "win32k.sys" file and affects all versions of Windows, including XP, Vista, Server 2003, Windows 7 and Server 2008.


Microsoft is investigating the issue, but stresses:

Because this is a local elevation-of-privilege issue, it requires attackers to be already able to execute code on a targeted machine.

Computerworld explains why an exploit might be difficult:

Attackers would have to combine the exploit with other malicious code that takes advantage of another vulnerability on the machine - not necessarily one in Windows, but in any commonly-installed application, such as Adobe Reader, for example - to hijack a PC and bypass UAC.
