Kernel-level Vulnerabilities Hit All Windows Versions


Microsoft on Friday announced to have launched an investigation into kernel-level vulnerability hitting Windows. As per reports, all versions of the Microsoft OS have been engulfed by the bug, including the heavily fortified Windows 7.

The probe was initiated following the revelation of vulnerability in Windows operating system's kernel driver by an Israeli researcher.

“Microsoft is investigating reports of a possible vulnerability in Windows Kernel”, claimed Jerry Bryant on Friday. “Upon completion of the investigation, Microsoft will take appropriate action to protect its customers”.

Researchers have claimed that the bug enables attackers to have an access to the system’s privileges, permitting them to remotely execute arbitrary code with kernel privileges.

The vulnerability is revealed to reside in “CreateDIBPalette( )” function of a device driver known as “Win32k.sys”. The device can be hampered by copying numerous color values into an improperly allocated buffer, vulnerability tracking service Secunia posted.

The attack hampers system’s fully functional installations of every supported Windows operating system, from Windows XP SP 3 to Windows Vista, 7, and Server 2008 as well.

However, the latter three versions boast of their in-built defenses developed to decrease the negative impact posed by security vulnerabilities.