Sign in with
Sign up | Sign in

New Remotely Exploitable Vulnerability Found in 64-bit Win7

By - Source: ThreatPost | B 42 comments

An independent researcher has discovered a remotely exploitable vulnerability in Windows 7 that's linked to Apple's Safari browser.

Threat Post, a Kaspersky Lab security news service, reports that researchers are now warning about a new remotely exploitable vulnerability discovered in the 64-bit version of Windows 7. This vulnerability can be used by an attacker to run arbitrary code with kernel-mode privileges on a vulnerable machine.

The problem was first reported days ago by an independent researcher via Twitter, but has since been confirmed by Secunia. He claimed to have discovered a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari.

"A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system," reads the Secunia warning. "The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser."

"The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit," the warning adds. "Other versions may also be affected."

After the exploit was reported, Microsoft didn't confirm the problem, but merely stated that it was investigating the evidence. "We are currently examining the issue and will take appropriate action to help ensure the customers are protected," said Jerry Bryant, group manager of response communications in Microsoft's Trustworhty Computing Group.

As indicated, the only known attack vector for this specific vulnerability is through the use of Apple's Safari browser on Windows 7. As of November 2011, the Safari browser commanded only 5.92-percent of the browser market, so there doesn't seem to be a potential widespread problem. So far there's no indication that the three most popular browsers -- Internet Explorer (40.63-percent), Chrome (25.69-percent) and Firefox (25.23-percent) -- share a similar vulnerability when used in Windows 7.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 36 Hide
    amk-aka-Phantom , December 22, 2011 8:10 AM
    Quote:
    An independent researcher has discovered a remotely exploitable vulnerability in Windows 7 that's linked to Apple's Safari browser.


    Who the hell uses Safari on Windows? :lol:  Dismissed!
  • 26 Hide
    teodoreh , December 22, 2011 8:23 AM
    Safari - ahahahahahahahaha
  • 24 Hide
    amuffin , December 22, 2011 8:19 AM
    nice try apple but we arent that stupid :non: 
Other Comments
    Display all 42 comments.
  • 23 Hide
    nikorr , December 22, 2011 8:06 AM
    Only on Safari?
  • 36 Hide
    amk-aka-Phantom , December 22, 2011 8:10 AM
    Quote:
    An independent researcher has discovered a remotely exploitable vulnerability in Windows 7 that's linked to Apple's Safari browser.


    Who the hell uses Safari on Windows? :lol:  Dismissed!
  • 0 Hide
    alyoshka , December 22, 2011 8:14 AM
    Well, it had to be the best Antivirus in town too.... :) 
  • 22 Hide
    mrmaia , December 22, 2011 8:16 AM
    I think this is a move from Apple to screw Microsoft :lol: 
  • 24 Hide
    amuffin , December 22, 2011 8:19 AM
    nice try apple but we arent that stupid :non: 
  • 26 Hide
    teodoreh , December 22, 2011 8:23 AM
    Safari - ahahahahahahahaha
  • 12 Hide
    molo9000 , December 22, 2011 8:27 AM
    The actual vulnerability is in the NtGdiDrawStream function in the win32k.sys.

    Other browsers or programs that call this function might be vulnerable, too.
  • 3 Hide
    JOSHSKORN , December 22, 2011 8:37 AM
    nikorrOnly on Safari?

    Quote:
    So far there's no indication that the three most popular browsers -- Internet Explorer (40.63-percent), Chrome (25.69-percent) and Firefox (25.23-percent) -- share a similar vulnerability when used in Windows 7.
  • 23 Hide
    ichihaifu , December 22, 2011 8:38 AM
    Who the hell actually uses safari in windows? herpaderp.
  • 4 Hide
    JOSHSKORN , December 22, 2011 8:41 AM
    amk-aka-phantomWho the hell uses Safari on Windows? Dismissed!

    Quote:
    As of November 2011, the Safari browser commanded only 5.92-percent of the browser market, so there doesn't seem to be a potential widespread problem.

    Not that many, apparently. I installed it once just to see it, but have since then have had to reformat my computer due to a black screen, which I'm sure is unrelated, considering I never launched Safari since I'd installed and looked at it.
  • 13 Hide
    f-gomes , December 22, 2011 8:43 AM
    If this is a Safary only issue, it is a no problem, actually. market share of Safari in Windows 7 is irrelevant, though I'm sure MS will address the issue as if it was an actual menace.
  • 2 Hide
    shqtth , December 22, 2011 9:18 AM
    not too long ago, when i went to a review website, one of the ads tried to execute a malformed java, inturn to run a exe file threw safari. Well the exe file terminated as I have execution disable bit enabled on my athlon 64bit/Vista 64bit.

    I reported the virus to microsoft. And it was one they never sae yet.

    So I say, safari has their proplems. Also upgrading to the latest version of safari, bricks your itunes/safari, so it can't access the internet. THe new safari uses multiple threads to download from the internet and render pages, well that engine has bugs and wont work on all computers, so I had to downgrade my safari.

    I am just thankful for execution disable bit.
  • 18 Hide
    QEFX , December 22, 2011 9:46 AM
    Microsoft: We have a workaround .. delete anything from Apple that may be on your system.
  • 11 Hide
    amk-aka-Phantom , December 22, 2011 10:08 AM
    qefxMicrosoft: We have a workaround .. delete anything from Apple that may be on your system.


    Straight! Hate servicing Windows machines with Apple software installed - a ton of junk in the Startup that has to be disabled... "NO, don't touch this, this is APPLE, this is for my iPod!!!" - if you're dumb enough to install all that bloatware for your iPod, at least make sure that it doesn't spawn 10 more things to slow down your system like it normally does.
  • 4 Hide
    DaveUK , December 22, 2011 10:28 AM
    Surely this is a Safari exploit and not a Windows one, otherwise all browsers would be affected?
  • 1 Hide
    guardianangel42 , December 22, 2011 11:01 AM
    DaveUKSurely this is a Safari exploit and not a Windows one, otherwise all browsers would be affected?


    In the interest of playing devils advocate, based solely on the article (specifically this line: ""The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.") I'd say they simply haven't tested for it on other browsers/versions of Windows. While that doesn't mean other browsers ARE affected, it also doesn't mean they AREN'T.

    We'll have to wait and see what these researchers find.

    Also, I laughed inside when Kevin made a point to say "independent" researchers. There's almost no such thing anymore.
  • -4 Hide
    sissysue , December 22, 2011 11:06 AM
    Windows is a Swiss OS, always has been. If not no third party program could get kernel privileges. I'll stick with Linux or OS X for my real computing and leave Windose for games.
  • 3 Hide
    silentbobdc , December 22, 2011 11:20 AM
    So Apple creates a vulnerability in Windows and you title the article:

    "New Remotely Exploitable Vulnerability Found in 64-bit Win7"

    Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"

    Trying to blame MS for an Apple created issue, pretty weak writing.
  • 3 Hide
    maximiza , December 22, 2011 11:40 AM
    I use vista 64 ulltimate(stop laughing at me) am i also effected?
  • 5 Hide
    molo9000 , December 22, 2011 11:46 AM
    silentbobdcSo Apple creates a vulnerability in Windows and you title the article:"New Remotely Exploitable Vulnerability Found in 64-bit Win7"Shouldn't a more responsible title be "Apple's Safari Browser creates New Remotely Exploitable Vulnerability when used on 64-bit Win7"Trying to blame MS for an Apple created issue, pretty weak writing.


    The vulnerability is actually in a function that's part of Windows.

    If Safari can call that function and execute arbitrary code, then so can other programs.
    The vulnerability is there and crafty hackers will find ways to exploit it if Microsoft gives them enough time.
Display more comments