Researchers bypass Windows security by changing 1 bit

A group of security researchers has succeeded in bypassing important Windows security measures by changing just 1 bit. The problem in the Windows kernel exists in all Windows versions, including Windows 10 Technical Preview.


Microsoft has added several security measures to the Windows kernel over the years. These measures are meant to make it harder for attackers to exploit possible vulnerabilities in the operating system and include Kernel DEP (ensures that most kernel data regions cannot be executed), KASLR (randomizes the kernel address space so that attackers cannot easily figure out where kernel modules are loaded), SMEP (prevents execution control transfers from kernel mode to user mode) and Mitigation Of Common Attack Vectors (hardens commonly abused structures).

The discovered vulnerability makes it possible for an attacker with access to a system to bypass all these Windows security measures and more. An exploit developed by the researchers changes a single bit to abuse the vulnerability.

Microsoft was informed about the issue several months ago and patched the vulnerability yesterday. The vulnerability, demonstrated in this video, allows an attacker to escalate privileges on a system, according to Microsoft's description.

The researchers state they've demonstrated that even a small bug can provide full control over Windows: "nevertheless, we think that Microsoft efforts to make its operating system more secure raised the bar significantly and made writing reliable exploits far harder than before."

Unfortunately, these measures won't fully protect against attackers. Cybercriminals will also eventually develop similar exploits, according to the researchers.
