Microsoft probes new Windows kernel bug

Investigates Israeli researcher's vulnerability disclosure

Microsoft on Friday said it is investigating an unpatched vulnerability in Windows after an Israeli researcher revealed a bug in the operating system's kernel driver.

According to Gil Dabah, a researcher from Tel Aviv who goes by the nickname "arkon," the Windows' kernel harbors a heap overflow vulnerability. Dabah also posted a short proof-of-concept to demonstrate the bug on, a site he and two others run.

"Microsoft is investigating reports of a possible vulnerability in Windows Kernel," said Jerry Bryant on Friday. "Upon completion of the investigation, Microsoft will take appropriate actions to protect customers."

In an alert published Friday , Danish bug tracker Secunia pinpointed the bug in the "Win32k.sys" kernel-mode device driver, the kernel component of the Windows subsystem. Attackers could exploit the flaw using "GetClipboardData," an API (application programming interface) that retrieves data from the Window clipboard.

A successful exploit would allow hackers to execute their attack code in kernel mode, which would then let them infect the PC with malware or pillage any data on the machine.

The flaw exists in several versions of Windows, including XP SP3, Server 2003 R2, Vista, Windows 7 and Windows Server 2008 SP2, said Secunia, which rated the bug as "less critical," the firm's second-lowest threat ranking.

Microsoft has patched 13 Windows kernel vulnerabilities this year. In June, for example, MS10-032 patched three vulnerabilities in Win32k.sys; in April, it quashed eight bugs with MS10-021 ; and in February, MS10-015 fixed two flaws.

One researcher with experience digging up kernel bugs said the latest is business as usual. "I don't think there's been more than a few days this year that Microsoft [hasn't] been vulnerable to public kernel flaws," said Tavis Ormandy on Twitter . Ormandy reported three of this year's kernel vulnerabilities to Microsoft.

Most of those bugs were rated as "important," Microsoft's second-highest ranking, because they could not be exploited remotely, but required an attacker to have physical access to the PC and valid log-in credentials. It's likely that Dabah's find will as well.

Microsoft will issue 14 security updates , including 10 for Windows, on Tuesday. But unless the company found Dabah's flaw on its own, or the vulnerability was reported by another researcher earlier -- it's not unheard of for several researchers to stumble across the same bug -- a fix won't appear until September or later.

In the meantime, said Secunia, "Grant access [only] to trusted users."

Read more about security in Computerworld's Security Topic Center.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags MicrosoftsecuniasecurityWindowssoftwareoperating systems

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

ASUS ROG Swift PG279Q – Reign beyond virtual world

Learn more >

D-Link PowerLine AV2 2000 Gigabit Network Kit

Learn more >

Xiro Drone Xplorer V -3 Axis Gimbal & 1080p Full HD 14MP Camera

Learn more >

D-Link TAIPAN AC3200 Ultra Wi-Fi Modem Router (DSL-4320L)

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Crucial® BX200 SATA 2.5” 7mm (with 9.5mm adapter) Internal Solid State Drive

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >


Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Family Friendly

ASUS VivoPC VM62 - Incredibly Powerful, Unbelievably Small

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Stocking Stuffer

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Best Deals on Good Gear Guide

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?