Recently, Security professionals have revealed an exploit that can bypass user account control (UAC) feature of the latest Window Operating Systems such as Windows Vista and Windows 7.
A proof-of-concept code (POC) regarding the vulnerability is in circulation.
The code discloses details regarding the methodology for exposing vulnerabilities in the Windows Kernel Application Programming Interface (API).
Microsoft has acknowledged the existence of the vulnerability and is expected to issue patch as part of its monthly security updates, in due course.
Microsoft releases security updates on second Tuesday of each month.
The real risk from the vulnerability is its exploitation by Stuxnet worm.
Recently, Stuxnet worm was in the news for attack on industrial control systems across the world.
Apprehensions have been expressed on the purpose behind the Stuxnet worm.
Stuxnet has triggered fears of imminent cyber war among nations or by underground cybercrime groups and terrorist organizations.
The threat has created new challenges for information security professionals in securing critical installations of national importance.
Attackers can create and gain administrative privileges on the compromised systemthrough the Windows Task Scheduler by using JavaScript and VBScript.
Security Professionals warn that the attack would be more effective when combined with the invalid flag reference vulnerability of the Internet Explorer.
Ethical hacking is used by Information security professionals to ascertain the attack vectors and initiating corrective action.
Security administrators and Internet users must adhere to the monthly security advisories from Microsoft and other software developers to protect their systems and networks from being compromised.