SophosLabs revealed a new zero-day exploit in Microsoft Windows that allows an application to elevate permissions while bypassing User Account Control (UAC) in Windows Vista and Windows 7.
The exploit affects all versions of Windows back to Windows XP. An elevation-of-privilege vulnerability means that malicious code is able to effectively take control of a system even when run in so-called ‘sandboxed’ environments such as web browsers.
“The exploit takes advantage of a bug in win32k.sys, which is part of the Windows kernel. The flaw is related to the way in which a certain registry key is interpreted and enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system,” wrote Sophos security advisor Chester Wisniewski on the firm’s Naked Security blog.
“There is one mitigation I discovered while researching this exploit. Unfortunately it is somewhat complicated,” said Wisniewski. The SophosLabs Naked Security blog has details of the changes that need to be applied to Windows, including registry settings.
Wisniewski posted a YouTube video showing how the exploit works and what can be done about it.