News; Microsoft is looking into the Windows kernel defects
Microsoft is the Windows kernel in place of defects into reports, but said the defect of the influence is not big, hackers need to use another defect to launch ranged attack.
Hackers can use the defects around Windows Vista and Windows 7 user account control (hereinafter referred to as "UAC") function, a security company says the defects as "a nightmare". The purpose of the UAC is to prevent malicious a "secretly installed in the system," at least increase the difficulty of malicious a installation.
Microsoft Office 2010 security response center manager Jerry Bryant (Jerry Bryant) said in an email, "Microsoft attention has been paid to the Windows kernel could exist in a permission ascension defect of the report. We will continue to investigate this question, we will complete the investigation by proper measures."
Security firm Sophos researchers cut Harriet sneath has a base (Chet Wisniewski) published on Thursday, said the blog article win32k sys. Of this document deficiency affects all version of Windows, including XP, Vista, Windows 7 and Server 2003, Server 2008.
Including Sophos and Vupen, several security company has confirmed that the defect, and said the public spread against the code can be in Vista, Windows 7 and Server running on 2008.
But Microsoft stressed that hackers can't remote using the defect ranged attack PC, because use the defects can require the user to visit PC. Bryant said, "attack requires hacking was able to attack the target on running code. Using the defects, only hackers can't attack" to a PC.
Security firm Prevx researcher Marco Giuliani (Marco Giuliani) says, "this defect may become a nightmare for the security of a system, we expect that it will soon be used, hacker won't miss this opportunity."
Bryant didn't disclose Microsoft will fix these defects.