Prevx Blog
This hasn't exactly been a lucky year for Microsoft. Windows 7 sales are booming, but the operating system made in Redmond has also been hit hard by a number of targeted attacks in recent months. The Aurora exploit was just the first of the year; the most serious attack has definitely been the Stuxnet case. Finding one 0-day exploit is always difficult, but chaining four 0-day exploits together is genuinely impressive.
Yesterday another serious 0-day flaw was publicly disclosed on a Chinese message board.
This is a serious flaw because it resides in win32k.sys, the kernel-mode part of the Windows subsystem. It is a privilege escalation vulnerability that allows even limited user accounts to execute arbitrary code in kernel mode.
The NtGdiEnableEUDC API in win32k.sys does not properly validate some of its inputs, causing a stack overflow that overwrites the return address stored on the stack. An attacker can redirect the overwritten return address to malicious code and execute it with kernel-mode privileges.
Because it is a privilege escalation exploit, it bypasses by design even the protection provided by User Account Control and the limited user account model in Windows Vista and Windows 7. All versions of Windows XP, Vista and 7, both 32-bit and 64-bit, are vulnerable to this attack.
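As an added illustration (not the post's own code and not Microsoft's), here is a simplified C model of the bug class described above: a kernel entry point that copies caller-supplied data into a fixed-size stack buffer while trusting the caller's length, next to the form that validates it first. The frame layout, buffer size, function names and status codes are invented for the example.

```c
#include <stdint.h>
#include <string.h>

#define NAME_MAX 32               /* hypothetical fixed-size stack buffer */
#define STATUS_SUCCESS           0
#define STATUS_INVALID_PARAMETER 1

/* Explicit model of a stack frame: the local buffer followed by the saved
 * return address, so the overrun stays inside memory the program owns. */
struct frame {
    uint8_t   name[NAME_MAX];
    uintptr_t saved_return;       /* stands in for the real return address */
};

/* Vulnerable form: trusts the caller-supplied length, so a long input runs
 * past `name` and overwrites saved_return with caller-chosen bytes. */
int enable_eudc_unchecked(struct frame *f, const uint8_t *src, size_t len)
{
    if (len > sizeof *f) len = sizeof *f;   /* keep the model in bounds */
    memcpy((uint8_t *)f, src, len);         /* f->name sits at offset 0 */
    return STATUS_SUCCESS;
}

/* Hardened form: rejects any input longer than the destination buffer. */
int enable_eudc_checked(struct frame *f, const uint8_t *src, size_t len)
{
    if (src == NULL || len > sizeof f->name)
        return STATUS_INVALID_PARAMETER;
    memcpy(f->name, src, len);
    return STATUS_SUCCESS;
}

/* Feeds `len` bytes of constructed input ('A's) to one handler and returns
 * 1 if the saved return address survived, 0 if it was clobbered. */
int return_address_intact(int use_checked, size_t len)
{
    uint8_t input[64];
    struct frame f = { {0}, (uintptr_t)0x1234 };
    memset(input, 'A', sizeof input);
    if (len > sizeof input) len = sizeof input;
    (use_checked ? enable_eudc_checked : enable_eudc_unchecked)(&f, input, len);
    return f.saved_return == (uintptr_t)0x1234;
}

/* Status the hardened handler returns for `len` bytes of the same input. */
int checked_status(size_t len)
{
    uint8_t input[64];
    struct frame f = { {0}, 0 };
    memset(input, 'A', sizeof input);
    return enable_eudc_checked(&f, input, len > sizeof input ? sizeof input : len);
}
```

A single byte past the buffer (33 bytes here) is already enough to alter the saved return address, which is why length validation has to happen before the copy rather than after.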
The good news is that we have not yet detected any malware exploiting this flaw. The bad news is that the flaw has been published online. Given its nature, this could potentially become a nightmare. We expect to see this exploit actively used by malware very soon; it is an opportunity malware writers surely won't miss.
We won't disclose any further detail about the vulnerability at the moment because we are collaborating with Microsoft on this flaw.
3 comments so far
- Natalie on Jan 26 0:54, 2011
Is there any Microsoft or other update on this?

Looks bad, how soon do you think an exploit will be out?