As reported earlier this week by Infosecurity’s sister publication, Computer Weekly, a security researcher known as ‘Arkon’ publicly disclosed a vulnerability for Windows Kernel-mode drivers (win3232k.sys) that affects all currently supported Windows operating systems.
The researcher claimed this vulnerability was difficult to exploit and felt comfortable with public disclosure.
Jerry Bryant, group manager, response communications, for the Microsoft Security Response Center said Microsoft is investigating the problem, but that it would not issue a new security advisory on the issue because of its lack of severity.
Writing on the MSRC blog, Bryant said that investigation into the matter is ongoing, and an advisory on the matter would be included in a future security update.
“We are now able to report that this is a local elevation of privilege vulnerability only”, Bryant said.
“This type of issue allows attackers to gain system-level privileges after they have already obtained an account on the target system. For this issue to be exploited, an attacker must have valid log-on credentials on the target system and be able to log on locally, or must already have code running on the target system.”
Bryant added that the exploit could not be executed remotely or by an anonymous user. He also assured that Microsoft would monitor the situation for any changes and advise accordingly.