News

Researchers circumvent Windows protection mechanisms via gui leak

By admin
Spread the love

Until Tuesday’s patch Tuesday round, an attacker with access to a Windows system was able to circumvent Windows’ security mechanisms by flipping one bit. An attacker with low access privileges could thereby usurp administrative access.

The vulnerability was located in the part of the Windows kernel that is responsible for the gui. Specifically, it was part of a DLL that is responsible for scroll bars in windows. By manipulating one bit, the researchers were able to circumvent security mechanisms that, for example, prevent injected data from being executed in memory.

Microsoft patched the vulnerability on Tuesday in its patch Tuesday round. The problem has been present in all versions of Windows since XP, including the technical preview of Windows 10. “We’ve shown that you can take complete control of a Windows system with a small bug,” the researchers said.

While the vulnerability does not allow access to a system from outside, it allows attackers who already have access to greatly expand their access to the system. This allows an attacker to gain administrative access. The security problem could therefore be deployed together with another exploit.

You might also like
News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones