Monday, November 29, 2010

Microsoft Downplays 'Nightmare' Windows Kernel Flaw

A new exploit allows attackers to bypass UAC and execute code with administrative privileges. The good news, Microsoft says, is that it does not allow remote code execution on its own. So when patch day comes around, don’t be lazy: don’t keep ignoring it for 4 hours at a time for a week straight.

Attackers would have to combine the exploit with other malicious code that takes advantage of another vulnerability on the machine -- not necessarily one in Windows, but in any commonly installed application, such as Adobe Reader -- to hijack a PC and bypass UAC.

