New Remotely Exploitable Vulnerability Found in 64-bit Win7
An independent researcher has discovered a remotely exploitable vulnerability in Windows 7 that's linked to Apple's Safari browser.
Threat Post, a Kaspersky Lab security news service, reports that researchers are now warning about a new remotely exploitable vulnerability discovered in the 64-bit version of Windows 7. This vulnerability can be used by an attacker to run arbitrary code with kernel-mode privileges on a vulnerable machine.
The problem was first reported days ago by an independent researcher via Twitter, but has since been confirmed by Secunia. He claimed to have discovered a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari.
"A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system," reads the Secunia warning. "The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser."
"The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit," the warning adds. "Other versions may also be affected."
After the exploit was reported, Microsoft didn't confirm the problem, but merely stated that it was investigating the evidence. "We are currently examining the issue and will take appropriate action to help ensure the customers are protected," said Jerry Bryant, group manager of response communications in Microsoft's Trustworhty Computing Group.
As indicated, the only known attack vector for this specific vulnerability is through the use of Apple's Safari browser on Windows 7. As of November 2011, the Safari browser commanded only 5.92-percent of the browser market, so there doesn't seem to be a potential widespread problem. So far there's no indication that the three most popular browsers -- Internet Explorer (40.63-percent), Chrome (25.69-percent) and Firefox (25.23-percent) -- share a similar vulnerability when used in Windows 7.
- SW:TOR Hit With Code Errors, Long Server Queues
- MSI's GT780DX Gaming Notebook Arrives in Time for Xmas
- AMD CMO Nigel Dessau Leaving Company
- Deals Dec 21: 13.3" Dell V131 Core i3 2.2GHz $583 FS
- Acer Developing a $699 15" Ultrabook, Says Supply Chain
- Apple's Anobit Acquisition Confirmed by Israeli Prime Minister
- Universal Transistor Could Enable Much Smaller Circuits
- SSD Prices Falling Faster Than HDD Prices
- Super Talent Intros Storage POD Mini USB 3.0 External SSD
- Mozilla May be Aiming For a Firefox Games Platform
- TRENDnet Launches Compact 200Mbps Powerline Adapter
- Deals Dec 22: 20" Planar 1600x900 LED-backlit LCD $120 FS
- Intel Expands CPU Market Share in Q3 to 84 Percent
- Opinion: Why Microsoft’s Windows 8 App Store May Fail
- $1000 Optimus Popularis Keyboard Gets a Shipping Date
- Google Details Successes of its Chrome Release Process
- BioWare: Next Dragon Age Will Be Inspired By Skyrim
- Researchers Say Molybdenite Could Replace Silicon in Chips
Only on Safari?
Who the hell uses Safari on Windows?
Well, it had to be the best Antivirus in town too....
I think this is a move from Apple to screw Microsoft
nice try apple but we arent that stupid
Safari - ahahahahahahahaha
The actual vulnerability is in the NtGdiDrawStream function in the win32k.sys.
Other browsers or programs that call this function might be vulnerable, too.
Only on Safari?
Who the hell actually uses safari in windows? herpaderp.
Who the hell uses Safari on Windows? Dismissed!
Not that many, apparently. I installed it once just to see it, but have since then have had to reformat my computer due to a black screen, which I'm sure is unrelated, considering I never launched Safari since I'd installed and looked at it.
If this is a Safary only issue, it is a no problem, actually. market share of Safari in Windows 7 is irrelevant, though I'm sure MS will address the issue as if it was an actual menace.
not too long ago, when i went to a review website, one of the ads tried to execute a malformed java, inturn to run a exe file threw safari. Well the exe file terminated as I have execution disable bit enabled on my athlon 64bit/Vista 64bit.
I reported the virus to microsoft. And it was one they never sae yet.
So I say, safari has their proplems. Also upgrading to the latest version of safari, bricks your itunes/safari, so it can't access the internet. THe new safari uses multiple threads to download from the internet and render pages, well that engine has bugs and wont work on all computers, so I had to downgrade my safari.
I am just thankful for execution disable bit.
Microsoft: We have a workaround .. delete anything from Apple that may be on your system.
Microsoft: We have a workaround .. delete anything from Apple that may be on your system.
Straight! Hate servicing Windows machines with Apple software installed - a ton of junk in the Startup that has to be disabled... "NO, don't touch this, this is APPLE, this is for my iPod!!!" - if you're dumb enough to install all that bloatware for your iPod, at least make sure that it doesn't spawn 10 more things to slow down your system like it normally does.
Surely this is a Safari exploit and not a Windows one, otherwise all browsers would be affected?
Surely this is a Safari exploit and not a Windows one, otherwise all browsers would be affected?
In the interest of playing devils advocate, based solely on the article (specifically this line: ""The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.") I'd say they simply haven't tested for it on other browsers/versions of Windows. While that doesn't mean other browsers ARE affected, it also doesn't mean they AREN'T.
We'll have to wait and see what these researchers find.
Also, I laughed inside when Kevin made a point to say "independent" researchers. There's almost no such thing anymore.
Windows is a Swiss OS, always has been. If not no third party program could get kernel privileges. I'll stick with Linux or OS X for my real computing and leave Windose for games.
So Apple creates a vulnerability in Windows and you title the article:
"New Remotely Exploitable Vulnerability Found in 64-bit Win7"
Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"
Trying to blame MS for an Apple created issue, pretty weak writing.
I use vista 64 ulltimate(stop laughing at me) am i also effected?
So Apple creates a vulnerability in Windows and you title the article:"New Remotely Exploitable Vulnerability Found in 64-bit Win7"Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"Trying to blame MS for an Apple created issue, pretty weak writing.
The vulnerability is actually in a function that's part of Windows.
If Safari can call that function and execute arbitrary code, then so can other programs.
The vulnerability is there and crafty hackers will find ways to exploit it if Microsoft gives them enough time.
...a[n] exe file threw safari...
How far did the exe throw it? Did it throw it through a wall or something?
Big image in Safari and API function call, NtGdiDrawStream
// Private draw stream interface
__kernel_entry W32KAPI BOOL APIENTRY
NtGdiDrawStream(
__in HDC hdcDst,
__in ULONG cjIn,
__in_bcount(cjIn) VOID *pvIn
);
I am sure all the hackers need to do is launch some sort of kenel monitor andd see how Safari uses this function, the check other browsers, javascript, etc and find a way to emulate the same "blow the stack" condition.
and people always asked why i hate safari... and it also said this vulnerability was in windows 7 pro. not home premium or ultimate, most peopel that aren't on business computers dotn use pro. (i said MOST, dont troll)
People use safari on windows?
Apple software always causes my Windows 7 machines to have issues. This is just another example of their poor programming for Windows platform
I use it for developing sometimes...
This is a security flaw similar to what Charlie Miller has been taking advantage of at the PWN2OWN contests for the past couple of years. Basically, Safari can run any application or code unchecked on any device it has been installed on.
Old news is no news. Then again this news has nothing to do with a flaw in Windows. It's a flaw with Safari.
Who the hell uses Safari on Windows? Dismissed!
I use to use Safari on Windows. Till i took a sword to the chest.
Windows is a Swiss OS, always has been. If not no third party program could get kernel privileges. I'll stick with Linux or OS X for my real computing and leave Windose for games.
In hacking competitions, OS X is ALWAYS the first to go down. Why? Because of Safari. None of the big boys (Linux, Windows, OS X) are breakable in a stripped down system with nothing but essential software. OS X goes down in the Tier 2 test where all standard installed software for the given OS is included while Windows and Linux remain unbroken.
Another reason to stay away from Safari. I use Chrome myself.
It just works... doesn't it?