Another Windows 7 Zero-Day Released

DfgDfg Admin
edited August 2010 in Tech & Games

Microsoft’s security response team is investigating the release of a new zero-day flaw that exposes Windows 7 users to blue-screen crashes or code execution attacks.

The flaw could be exploited by local attackers to cause a denial-of-service or potentially gain elevated privileges, according to an advisory from VUPEN, a French security research outfit.

From VUPEN’s advisory:

This issue is caused by a buffer overflow error in the “CreateDIBPalette()” function within the kernel-mode device driver “Win32k.sys” when using the “biClrUsed” member value of a “BITMAPINFOHEADER” structure as a counter while retrieving Bitmap data from the clipboard, which could be exploited by malicious users to crash an affected system or potentially execute arbitrary code with kernel privileges.

The flaw is confirmed on fully patched Microsoft Windows 7, Windows Server 2008 SP2, Windows Server 2003 SP2, Windows Vista SP2, and Microsoft Windows XP SP3.

Microsoft plans to issue 13 bulletins with patches for 34 vulnerabilities tomorrow (Tuesday August 10) but it is unlikely we will see a fix for this new issue.

Link: http://threatpost.com/en_us/blogs/another-windows-7-zero-day-released-080910

Now I am really losing it. I hate Zero Day attacks and this has got to stop.

Installing the updates right now.
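
The bug class in VUPEN's description, a header field ("biClrUsed") used directly as a copy counter, shown next to a bounds-checked version. This is an added example, not Microsoft's or VUPEN's code: the structures are simplified stand-ins for the real headers, and the function names and the fixed 256-entry destination are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_PAL_ENTRIES 256u   /* assumed fixed-size destination palette */

/* Simplified stand-ins (hypothetical names) for the fields the advisory names. */
typedef struct { uint16_t biBitCount; uint32_t biClrUsed; } dib_header_t;
typedef struct { uint8_t b, g, r, reserved; } rgbquad_t;

/* Unsafe pattern: the untrusted header field alone decides how much is
 * written, so any biClrUsed above 256 writes past the end of dst. */
void copy_palette_unchecked(const dib_header_t *h, const rgbquad_t *src,
                            rgbquad_t dst[MAX_PAL_ENTRIES])
{
    for (uint32_t i = 0; i < h->biClrUsed; i++)
        dst[i] = src[i];
}

/* Checked version: returns the number of entries copied, or -1 on rejection. */
int copy_palette_checked(const dib_header_t *h, const rgbquad_t *src,
                         size_t src_bytes, rgbquad_t dst[MAX_PAL_ENTRIES])
{
    uint32_t limit, n;

    /* Only 1-, 4- and 8-bpp DIBs carry a colour table used as a palette. */
    if (h->biBitCount != 1 && h->biBitCount != 4 && h->biBitCount != 8)
        return -1;
    limit = 1u << h->biBitCount;              /* 2, 16 or 256 entries */

    /* biClrUsed == 0 means "the maximum for this bit depth". */
    n = h->biClrUsed ? h->biClrUsed : limit;

    /* The counter must fit both the bit depth and the destination... */
    if (n > limit || n > MAX_PAL_ENTRIES)
        return -1;
    /* ...and must not exceed the source data that was actually supplied. */
    if ((size_t)n * sizeof(rgbquad_t) > src_bytes)
        return -1;

    memcpy(dst, src, (size_t)n * sizeof(rgbquad_t));
    return (int)n;
}
```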

Comments

  • fanglekai Regular
    edited August 2010
    Well that's shitty. Does a firewall offer any real protection?
  • DfgDfg Admin
    edited August 2010
    fanglekai wrote: »
    Well that's shitty. Does a firewall offer any real protection?

    Windows Built-in Firewall does a decent job of protection from Windows Based Attacks but you will require a better firewall if you really want some protection. But I doubt you can run away from 0Day Exploits. You just pray you don't get pwned.
  • fanglekai Regular
    edited August 2010
    I use Comodo Firewall, tons of firefox security addons, ad-aware, spybot, and avira. I don't want to get pwned.
  • fanglekai Regular
    edited August 2010
    I don't get viruses or anything very often, and as far as I know my computer is secure. Exploits like this make me paranoid, though. I don't want to have to wipe my drive and start over.
  • DfgDfg Admin
    edited August 2010
    That exploit is local-only. A firewall is only going to make a difference if you've already downloaded and executed the NAUGHTY CODE, likely bound to a rootkit, which in turn tries to open an external connection.

    DEP is supposed to catch exactly this; I wonder what's going on there? Maybe it's disabled for certain system libraries. Actually, I don't think it's compatible with drivers running in realtime - probably worth looking into.



    Also wtf do you mean by that?

    I meant that Windows Firewall is pretty decent when it comes to 0day exploits. I can't recall the article but in some test it did prevent Windows from getting pwned.
  • v0xv0x Regular
    edited August 2010
    LOL DEP is a joke. Most new exploits and malware bypass it (and UAC, and Windows Firewall) very easily. But you're fine, this is just a local exploit. Unless you're running a server, you shouldn't really be too worried.