Microsoft classifies Win32k.sys vulnerability as a low grade threat and says there are no plans for an out-of-band patch
Microsoft has said that it is investigating a vulnerability in the Windows Kernel-mode drivers that affects all operating systems, but is not releasing a security advisory.
The company initially acknowledged the flaw on Monday evening, with a message on Twitter saying that it was ‘investigating a publicly reported vulnerability in Win32k.sys', but was not aware of any attacks against this issue.
Jerry Bryant, senior security communications manager at Microsoft, later claimed that it was not aware of any attacks that try to use the reported vulnerability or of any customer impact at this time.
He said: “While most in the industry reported this as a low-severity vulnerability, it generated quite a bit of attention, and as always, we started our investigation as soon as we became aware of the issue.
“We have not yet reported on this issue because it's important we're thorough in our investigations, and there were a couple of possible vectors that we wanted to validate (or invalidate as the case may be) before we commented or defined a course of action.
“As a result, we are now able to report that this is a local elevation of privilege vulnerability only. This type of issue allows attackers to gain system-level privileges after they have already obtained an account on the target system. For this issue to be exploited, an attacker must have valid logon credentials on the target system and be able to logon locally, or must already have code running on the target system. The vulnerability cannot be exploited remotely, or by anonymous users.”
He claimed that there are no plans to release a security advisory for this issue, but it will be included in a future security update.
“We will continue monitoring the threat landscape and alert customers if anything changes,” he said.
Security firm Secunia classified the flaw as 'less critical' and said a solution was to only grant access to trusted users.
Alan Bentley, SVP international at Lumension, said: “The vulnerability involves a heap overflow which is more difficult to take advantage of than a traditional buffer overflow. However, if executed, it can reportedly afford escalation of privilege, denial-of-service or potentially execute arbitrary code with kernel privileges.”