Windows Vista and Windows 7 Kernel Bug Can Bypass UAC
A new vulnerability has been found in User Account Control feature of Windows 7 and Windows Vista. This still unpatched vulnerability could be used by hackers to bypass the UAC feature which was introduced in Windows Vista back in 2007. UAC is a feature that displays prompts before any unknown file tries to execute. Now with the help of this vulnerability, the hackers can bypass this feature. This vulnerability has been dubbed as “nightmare” but Microsoft still insists that hackers would need another exploit in addition to “nightmare” in order to launch remote exploits.
The bug is in “win32k.sys file which is a part of the Windows kernel and exists in all versions of Windows including Windows XP, Vista, Server 2003, Windows 7 and Server 2008.
Hackers cannot use the exploit to remotely compromise a PC, however, as it requires local access, a fact that Microsoft stressed. "Because this is a local elevation-of-privilege issue, it requires attackers to be already able to execute code on a targeted machine," said Bryant.
"On its own, this bug does not allow remote code execution, but does enable non-administrator accounts to execute code as if they were an administrator," added Wisniewski. This allows only the malware that has already been dropped into the system to bypass the UAC and get full control of the system.
Microsoft has not yet given any patch for this vulnerability. Hopefully Microsoft will release a patch for this nightmare flaw in Windows Kernel in their “Patch Tuesday”.
If you want to see how this vulnerability works, you can go to Sophos Security.