Vulnerability enabled attackers to bypass all Windows protections by changing a single bit

Posted on Friday, Feb 13 2015 @ 12:25 CET by Thomas De Maesschalck
SecurityWeek writes that Microsoft plugged a security vulnerability (CVE-2015-0057) earlier this week that enabled attackers to bypass all security measures in Windows by modifying a single bit. If an attacker gained access to your machine (say, through a phishing campaign), he could exploit this bug to bypass all Windows security layers, including sandboxing, kernel segregation and memory randomization.

The vulnerability (CVE-2015-0057), rated “important,” affects the Windows kernel-mode driver (Win32k.sys) and is caused by the improper handling of objects in memory. According to Microsoft, an attacker who manages to log in to the targeted system can “gain elevated privileges and read arbitrary amounts of kernel memory,” which would allow them to install software, view and change data, and create new accounts with full administrative rights.

The security hole was identified and reported to Microsoft a few months ago by the security firm enSilo. In a blog post published on Tuesday, enSilo CTO Udi Yavo revealed that they have created a fully working exploit that can be used to bypass all security measures by modifying a single bit in the operating system.
