Windows 7 32-bit kernel vulnerability

This was taken from a C-Net Article dated January 21st 2010. It may be old news but it is certainly still going to be prevalent as it is not that old.

Microsoft is warning customers of a hole in the kernel of 32-bit versions of Windows that could allow someone to install programs, change data, or create new accounts with full user rights.

The vulnerability, caused by the Windows kernel not properly handling certain exceptions, affects 32-bit versions of Windows 7, Vista, XP, 2000, and Server 2003 and 2008, according to the security advisory released on Wednesday night. It does not affect 64-bit versions of Windows.

"We are not currently aware of any active attacks against this vulnerability, and Microsoft believes the risk to customers, at this time, is limited," Jerry Bryant, senior security program manager at Microsoft, said in a statement.

To exploit the vulnerability an attacker would need to have valid logon credentials and be able to log onto a system locally. Once logged on, the attacker could elevate privileges to the administrative level and run any programs, Bryant said.

A link to the Full Disclosure article has been included

Reference: 

http://seclists.org/fulldisclosure/2010/Jan/341

http://news.cnet.com/8301-27080_3-10438924-245.html