Here is a Q&A session to address some questions we have received since yesterday:
1) What versions of Microsoft Windows are affected by this flaw?
The released exploit hit only Windows Vista and Windows 7. We have found that the flaw affects Windows XP, Windows Server 2003 and Windows Server 2008 as well – both x86 and x64.
2) Can this flaw be exploited from remote?
No it can’t. It is a local privilege escalation exploit. This means that the potential malware must be already in the target machine to exploit this flaw.
3) Why is this flaw considered critical?
This flaw allows all software, even if run from a limited account, to gain system privileges. We see many of drive-by attacks, which make use of application exploits to drop malware on vulnerable machines. While there are still a huge number of customers who are used to run their operating system with administrative privileges, most users are using limited accounts or administrator accounts in Admin Approval Mode (User Account Control). Using a limited account gives them a great advantage versus malware, because it limits the vulnerable surface the malware can damage. This 0-day exploit allows a malware that has already been dropped on the system to bypass these limitations and get the full control of the system.
4) How can I defend my PC from this exploit?
Until Microsoft releases a patch, you can install Prevx Antimalware from our website. Our software has been updated to prevent this exploit from working since build release 3.0.5.220. (download here) You don’t even need to pay for a license, the protection is already active even in the free version of Prevx. Then, of course, if you like the software, we’d be pleased to defend your system security 
Also, you must always keep your system up to date, by installing Windows updates. Moreover you need to keep every software you’ve installed in your PC up to date, to limit as much as possible all potential attack vectors. Do not surf unsafe websites like porn websites or crack/warez websites, they are often vehicle of malware. Be careful when you download anything from peer to peer applications like eMule.
5) Will Microsoft release a patch to address this flaw?
Microsoft is actively working to analyze the flaw and fix this issue as soon as possible.
6) Where I can find a description of the exploit?
We haven’t released any in-depth technical detail about the exploit, even though the whole exploit code is already public on the web. The flaw is a stack overflow in Win32k driver which can be exploited to gain code execution in kernel mode. More details at this link]]>
View the original article at Prevx Blog
