Microsoft Windows win32k.sys Memory Corruption Vulnerability

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser or Internet Explorer.

Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.

Microsoft is currently investigating and perhaps turn back soon with a hotfix or patch.

Stay tuned …

 



Comments are closed.