Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia.
In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim’s machine.
“A vulnerability has been discovered in Microsoft Windows 7, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges,” the Secunia advisory said.
Microsoft officials have not confirmed the vulnerability, but said that they’re looking into it.
“We are currently examining the issue and will take appropriate action to help ensure the customers are protected,” Jerry Bryant, group manager of response communications in Microsoft’s Trustworthy Computing Group, said.
The only known attack vector for this vulnerability right now is the Safari browser running on Windows 7, which is not the most common combination. Depending upon which metrics one uses, Safari has somewhere in the neighborhood of 9 to 11 percent market share. It’s not clear how many of those Safari users are running Windows, but it’s likely that the vast majority of them are running Mac OS X.
However, other browsers may turn out to be usable as attack vectors for this vulnerability as more information becomes available.
I would start by commenting that the original article has hyperlinks not carried over in this article and comment. I would recommend you go to the original source for those.
Windows has been slowly tightening its security over the years. It was at one time the most vulnerable part of the computer. That tightening has brought us such wonderful issues as asking if you really want to put that file where you chose to copy and paste.
Many malware writers have since started looking for easier ways in, riding in on the shoulders of other programs at install or seeking access that way, as it is easier than hacking into Windows itself.
Adobe has been one of the most notorious add-ons, seriously lacking in security, allowing piggyback and infiltration into people’s computers, rather than attacking Windows straight on. Adobe has gained the dubious distinction for two years running as the ‘most hackable’ program.
I personally have other issues with Adobe in addition to the hackability of the software, which is to say the phone home ‘feature’ of its products. No software such as Adobe Reader needs to phone home 3 times a week for software updates. It needs to phone home to tell the home office what you are doing with the software, and I resent that type of intrusion. I tend instead to find other means to do the same functions, such as reading a PDF, without the need of Adobe in the middle of it all.
Sure, firewalls block TCP, but do you know what Adobe is doing on UDP? Most firewalls don’t make the ability to block both standard. UDP may be slower, but it still communicates when TCP is blocked in some cases. It’s the “some cases” that raise my hackles.