The company warned users that a bug in a kernel, which counted more than 17 years could be used by hackers to crack PCs.
The vulnerability in the Windows Virtual DOS Machine (VDM) subsystem. The VDM subsystem was added to Windows with the July 1993 release of Windows NT, Microsoft's first fully 32-bit operating system. VDM allows Windows NT and later to run DOS and 16-bit Windows software.
The advisory spelled out the affected software on all 32-bit editions of Windows, including Windows 7, and told users how to disable VDM as a workaround. Windows' 64-bit versions are not vulnerable to attack.
"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," said the newest advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Jerry Bryant, a program manager with the Microsoft Security Response Center (MSRC), said that the company had not seen any actual attacks using the vulnerability, and also downplayed the threat if hackers do exploit the flaw. "To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said in an e-mail.
No comments:
Post a Comment