Possible New Zero-Day Windows 7 Flaw Under Investigation

  /     /     /  
Publicated : 22/11/2024   Category : security


Possible New Zero-Day Windows 7 Flaw Under Investigation


Specially crafted Web page viewed with Safari causes blue screen of death, remote execution



Microsoft is studying a newly disclosed bug in Windows 7 that that lets the attacker crash a patched Windows 7 machine and ultimately allow an attacker to hack the machine when its running Apples Safari browser.
The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large height attribute viewed using the Apple Safari browser, Secunia
reported in an advisory earlier this week
. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.
Secunia has confirmed the new memory corruption flaw in 64-bit versions of Windows 7 Professional, but says it might exist in other versions as well.
“We’re looking into an issue that may cause unexpected behavior in certain 64-bit Windows installations. We will take appropriate action to best protect our customers, says Jerry Bryant, group manager, response communications for Microsoft Trustworthy Computing.
Word of the flaw first came to light when a researcher who goes by the handle
webDEViL first tweeted about it.
According to a
post yesterday on the Cyberarms blog
, the flaw at first causes Windows 7 to render the blue screen of death, and then can be used to create a zero-day exploit.
Just a single line stored in an html file with the right number causes the crash, according to the blog, indicating there also appears to be an issue in Safari that allows this malicious activity. As soon as you attempt to open the webpage with Safari, your Windows 7 instantly crashes. Hopefully Apple will get this patched quickly.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Possible New Zero-Day Windows 7 Flaw Under Investigation