Windows 7 vulnerabilities

This is a interesting post regarding a Windows 7 vulnerability that has remained unpatched for quite a while now. In 2009 Security researcher Long Zheng disclosed a UAC vulnerability that gives the possibility to install software on the target system without user interaction.

Two years have passed and this issue regarding the UAC vulnerability has not been dealth with.One of the reasons may be the fact that “Zheng’s vulnerability is only valid for protected administrator accounts with default UAC settings”.

Also the post describes a different vulnerability that adresses privilage elevation:

“The method of elevation is an architectural issue. Elevated processes must be protected at the kernel level. Currently, at least as far as we are aware, PowerBroker Desktop is the only product on the market that deal with this type of threat,”

The complete article can be found here: http://www.thetechherald.com/article.php/201107/6830/RSAC-2011-Windows-7-vulnerabilities-show-need-for-kernel-control

Advertisements

About Alexandru

Hi, I am Alexandru currently in Denmark studying at Lillebaelt at Networking as an Erasmus studend.
This entry was posted in IT Security, Week 15. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s