Results 1 to 2 of 2

Thread: 64-bit Operating Systems & Virtualization SW Vulnerable to Privilege Escalation !

  1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default 64-bit Operating Systems & Virtualization SW Vulnerable to Privilege Escalation !

    Hi !

    "64-bit Operating Systems, Virtualization Software Vulnerable to Privilege Escalation Attacks on Intel CPUs

    Some 64-bit operating systems and virtualization software programs are vulnerable to local privilege escalation attacks when running on Intel processors (CPUs),
    the U.S. Computer Emergency Readiness Team (US-CERT) said in a security advisory on Wednesday.



    The vulnerability is identified as CVE-2012-0217 and stems from the way Intel CPUs have implemented the SYSRET instruction in their x86-64 extension, known as Intel 64. Attackers could exploit the vulnerability to force Intel CPUs to return a general protection fault in privileged mode.
    This would allow them to execute code with kernel privileges from a least-privileged account, or to escape from a virtual machine and gain control of the host operating system.


    The vulnerability can only be exploited on Intel CPUs when the Intel 64 extension is in use. This means that 32-bit operating systems or virtualization software are not vulnerable.
    Some of the operating systems confirmed as vulnerable so far include x64-based versions of Windows 7 and Windows Server 2008 R2.
    The VMWare security response team confirmed that VMware's hypervisor does not make use of the SYSRET instruction and is, therefore, not vulnerable to this attack, US-CERT said.
    Most of the affected vendors have released security patches to address this vulnerability and users are advised to install them as soon as possible.

    Microsoft addressed it on Tuesday as part of its MS12-042 security bulletin."

    full story:
    http://www.pcworld.com/businesscente...ntel_cpus.html

    So if you havenīt already downloaded the latest security-updates from MS, then itīs a VERY good idea to do it if you are using the 64-bit version of W7 !

    Update: While editing the text before posting i made some errors, qoutation marks and the link to the source was missing.
    I have now corrected the text.

    Last edited by hackerman1; 15th June 2012 at 09:15.

  2. #2
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Update: While editing the text before posting i made some errors, qoutation marks and the link to the source was missing.
    I have now corrected the text.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22