qubit
Overclocked quantum bit
- Joined
- Dec 6, 2007
- Messages
- 17,865 (2.87/day)
- Location
- Quantum Well UK
System Name | Quantumville™ |
---|---|
Processor | Intel Core i7-2700K @ 4GHz |
Motherboard | Asus P8Z68-V PRO/GEN3 |
Cooling | Noctua NH-D14 |
Memory | 16GB (2 x 8GB Corsair Vengeance Black DDR3 PC3-12800 C9 1600MHz) |
Video Card(s) | MSI RTX 2080 SUPER Gaming X Trio |
Storage | Samsung 850 Pro 256GB | WD Black 4TB | WD Blue 6TB |
Display(s) | ASUS ROG Strix XG27UQR (4K, 144Hz, G-SYNC compatible) | Asus MG28UQ (4K, 60Hz, FreeSync compatible) |
Case | Cooler Master HAF 922 |
Audio Device(s) | Creative Sound Blaster X-Fi Fatal1ty PCIe |
Power Supply | Corsair AX1600i |
Mouse | Microsoft Intellimouse Pro - Black Shadow |
Keyboard | Yes |
Software | Windows 10 Pro 64-bit |
To make this delicious poison dish, simply take a large dollop of Windows 7 Professional, mix it with a portion of Safari and add a dash of special iFrame sauce and voila! instant Blue Screen of Death. The flaw is triggered by running Apple's Safari web browser on a fully patched 64-bit Windows 7 Professional, then feeding it a web page containing a simple iFrame with an overly long height attribute, like this: < iframe height='18082563'></iframe> (remove the space after the first angle bracket) Result: Windows 7 falls over instantly with a memory corruption error. Ouch. Interestingly, it seems that 32-bit Windows 7 doesn't suffer from this vulnerability and neither does XP SP3 32-bit, although this is by no means certain at this point. The flaw appears to be in the win32k.sys kernel-mode driver, which is a common source of critical Windows vulnerabilities. It was first reported by Twitter user webDEViL (@w3bd3vil) and being a zero day vulnerability, there's currently no fix or workaround for it. However, the worst part about this critical vulnerability, is that Safari runs 100% in User Mode, which is effectively a type of sandbox, preventing an application from bringing down Windows, regardless of what it does. There's obviously a little loophole here though.
To prevent a malicious web page from taking out Windows 7 at the moment, inspection of every web page before being rendered by the browser would have to be performed by installed security software, which would tend to reduce browsing performance and increase CPU usage. Alternatively, just don't use Safari.
Respected security outfit Secunia has looked at this vulnerability and believe that the crash could be used to execute malicious code, rather than just kill the operating system. They have issued advisory SA47237 about this problem:
As can be expected, this rather embarrassing zero day security flaw is being urgently looked into by Microsoft: "We are currently examining the issue and will take appropriate action to help ensure customers are protected" said Jerry Bryant, Group Manager, Response Communications Microsoft Trustworthy Computing. Of course, one must ask why is it only Safari that does this, so Apple should be equally concerned to fix their browser.
Below is an 11 second video demonstration of the flaw:
View at TechPowerUp Main Site
To prevent a malicious web page from taking out Windows 7 at the moment, inspection of every web page before being rendered by the browser would have to be performed by installed security software, which would tend to reduce browsing performance and increase CPU usage. Alternatively, just don't use Safari.
Respected security outfit Secunia has looked at this vulnerability and believe that the crash could be used to execute malicious code, rather than just kill the operating system. They have issued advisory SA47237 about this problem:
Additionally, Secunia's chief security specialist Carsten Eiram, expanded on this problem:Description
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to a flaw in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser.
Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.
The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.
Solution
No effective solution is currently available.
Provided and/or discovered by
webDEViL
Original Advisory
https://twitter.com/#!/w3bd3vil/status/148454992989261824
Based on our testing the impact could be more severe due to the type of crash and nature of the vulnerability i.e. crashing when attempting to write to invalid memory in a call to memmove(). Based on this we do consider remote code execution a possibility though it has not been proven at this time.
Other 64-bit versions could be affected. During testing we observed no crashes on Windows XP SP3 32-bit nor Windows 7 32-bit, but cannot completely rule out that these could be affected via different approaches.
As can be expected, this rather embarrassing zero day security flaw is being urgently looked into by Microsoft: "We are currently examining the issue and will take appropriate action to help ensure customers are protected" said Jerry Bryant, Group Manager, Response Communications Microsoft Trustworthy Computing. Of course, one must ask why is it only Safari that does this, so Apple should be equally concerned to fix their browser.
Below is an 11 second video demonstration of the flaw:
View at TechPowerUp Main Site
Last edited by a moderator: