Microsoft Warns of Bug in Windows Kernel -- Redmond Channel Partner

Microsoft Issues Alert on Windows Kernel Bug

By Jabulani Leffall
January 21, 2010

On the eve of releasing an out-of-band Internet Explorer patch, Microsoft issued a new security advisory involving an obscure Windows kernel bug.

According to the advisory, an elevation of privilege exploit has been present in all 32-bit Windows versions since Windows NT. Possibly, this bug has been accessible for about 17 years, although someone exploiting it would need a network account to accomplish the deed.

The advisory says the bug affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.

"Microsoft is investigating new public claims of a possible vulnerability in Windows," wrote Jerry Bryant, Microsoft's senior security program manager, in an e-mailed statement. "We are currently not aware of active attacks against this vulnerability and believe risk to customers, at this time, is limited."

Bryant added that to exploit this vulnerability, an attacker must "already have valid logon credentials and be able to log on to a system locally." The attacker would need to have an account established on the system and then run a program to take advantage of the flaw. Possibly, it might be exploited by a company insider or someone already trusted.

In any case, the attacker could elevate his privileges on the network to the administrative level, Bryant said.

The bug is based on the MS DOS system, first introduced in 1993. Computers using Windows for x64-based and Itanium systems aren't affected. Microsoft describes a workaround in the security advisory that will prevent access to 16-bit applications as a consequence of avoiding the bug.

Microsoft plans to "provide a security update on an upcoming Patch Tuesday release," according to the security advisory.

Google security team member Tavis Ormandy, who publicized the bug, said in numerous reports that he informed Microsoft of this hole on June 12, 2009. Security experts have noted the long time it has taken for Microsoft to respond. However, to Microsoft's credit, it has dealt with more than 80 vulnerabilities affecting Windows through 2009.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft Unveils AI Researcher and Analyst Agents for 365 Copilot Users

Microsoft on Tuesday introduced two advanced AI agents -- Researcher and Analyst -- designed to bring deeper reasoning capabilities to Microsoft 365 Copilot.
2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Google To Acquire Cloud Startup Wiz for $32 Billion

Google has announced a pending agreement to acquire Wiz Inc., a cloud security platform, in an all-cash deal worth $32 billion.
FTC Expands Microsoft Antitrust Investigation Under Trump Administration

The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Microsoft Issues Alert on Windows Kernel Bug

Featured

Microsoft Unveils AI Researcher and Analyst Agents for 365 Copilot Users

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Google To Acquire Cloud Startup Wiz for $32 Billion

FTC Expands Microsoft Antitrust Investigation Under Trump Administration

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Unveils AI Researcher and Analyst Agents for 365 Copilot Users

Microsoft to Shut Down Skype Services

The Partner Case for Dogfooding AI

The Rise of the Channel Toolsmith: How Vendors Became MSP Enablers

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Unveils AI Researcher and Analyst Agents for 365 Copilot Users

Microsoft to Shut Down Skype Services

The Partner Case for Dogfooding AI

The Rise of the Channel Toolsmith: How Vendors Became MSP Enablers

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Future-Proofing Tax Strategy Amid Global Challenges with Vertex O-Series Cloud

Tech Talk | What Keeps MSPs Up at Night? Addressing Key Risks and Building Resilience

Unlocking a New Era of Tax Automation within Microsoft Dynamics 365: Introducing Vertex's API-Based Tax Integration

Unlocking Revenue Growth with Vertex and Microsoft: A Winning Partnership

FREE WHITE PAPERS FROM OUR SPONSORS

Unlock the benefits of Microsoft Azure partnership

How Retailers Can Overcome 7 Common Tax Compliance Challenges

Tax Challenges Affecting the Manufacturing Industry

Data Analytics Drive Supply Chain Optimization