If you want to watch one of the fastest blue screens ever, just watch the video above. It demonstrates a yet-to-be-patched flaw in the 64-bit version of Windows 7 that not only crashes the OS, but can also compromise the system, according to software security company Secunia.
Secunia’s advisory says the problem is within “win32k.sys”, a core Windows file, and is triggered when an extremely large height value is set for an “iframe”, a tag that allows you to embed one webpage inside another. If used properly, the bug can be used to execute code at the same access level as the kernel, which is fairly high on the permissions ladder, as you can imagine.
It was first reported on Twitter by user webDEViL on December 16.
You probably haven’t noticed this vulnerability because it only affects Apple’s Safari browser, which isn’t exactly hogging drive space on Windows PCs. While it shares the WebKit layout engine with Google Chrome, this bug hasn’t appeared in the latter program.
Until Microsoft gets around to fixing the problem, the best thing to do is, well, not use Safari.
[Secunia, via The Register]

Jack
Monday, December 26, 2011 at 1:11 PM
wow… (no sarcasm intended)
Park Ranger 504
Monday, December 26, 2011 at 2:47 PM
Hah! Who in their right mind would use Safari by choice anyway?! ESPECIALLY on a non-Apple system…
Simon
Monday, December 26, 2011 at 3:10 PM
So it is a bug in Safari that Microsoft has to fix? huh
Logan Booker
Monday, December 26, 2011 at 3:16 PM
I thought it’d be an issue with Safari, but according to the Secunia report, it’s something MS will have to fix.
Kroo
Monday, December 26, 2011 at 5:45 PM
I gather you can’t read too well, but to quote the software security company who found the bug, “the problem is within “win32k.sys” a core Windows file”. Nice to know windoze hasn’t altered one bit. Programs don’t crash the OS on Linux or Unix OS’s. Enjoy your BSOD.
don
Tuesday, December 27, 2011 at 12:46 AM
It probably was found by accident. Of course nothing is perfect; eventually, if more than 10 people use Linux, they might find a bug as well that will crash it. One more thing: I haven’t had a BSOD on my Win7 ever, on my 4-year-old laptop designed for XP.
Kroo
Tuesday, December 27, 2011 at 11:20 AM
The Unix and Linux core systems are isolated or sandboxed from running programs or applications, and under OSX Lion, it’s even more secured from buggy apps. Why Microsoft still allow their systems to be linked by third party programs just baffles many in the IT world. It’s why Windows is still the most vulnerable OS around. Instead of Microsoft writing a nice looking GUI, they should have pigeonholed the core systems, but they didn’t. You have to ask, why not?
olearymo
Wednesday, December 28, 2011 at 9:56 AM
yeah… never crash… right… it’s just my imagination… <_<
Andrew
Monday, December 26, 2011 at 4:16 PM
Aah, Safari.. Pwn2Own’s habitual loser.
Blue Scr3en Of Death
Monday, December 26, 2011 at 4:34 PM
Or, you know, you could just click this http://dl.dropbox.com/u/12860924/BSOD/bsod.html then instantly press f11 :P