Unknown to tens of millions of users, a hidden security vulnerability has been lurking on many Intel-based Windows PCs for the past six years.
The vulnerability was found by researcher Rafal Wojtczuk from security firm Bromium. Wojtczuk announced his findings at the Black Hat security conference here in Las Vegas. According to Wojtczuk, the vulnerability he re-discovered was actually first exposed and patched six years ago, albeit only on Linux systems.
The vulnerability involves the unsafe use of an Intel CPU instruction called ‘sysret’. The risk is that if left unpatched, an attacker could have executed a user-to-kernel privilege escalation attack. In such an attack, the attacker could potential get system access and then execute arbitrary code.
Read the full story at eSecurityPlanet:
Black Hat: Wintel Flaw Remained Unpatched For Six Years
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.