Advertisment

Qihoo 360 detects oldest vulnerability in MS OS

author-image
CIOL Bureau
Updated On
New Update

BEIJING, CHINA: Qihoo 360, China's network security services provider released an emergency network security warning, claiming that it has first discovered an Exploit Code of an 18-year latent high-risk 0day vulnerability that affects all Windows versions.

Advertisment

This vulnerability named as "elder" is very likely to confront worldwide computer users with a new round of malicious attacks, said a press release.

According to Dr. Shi Xiaohong, a security expert of Qihoo 360: "Since 1992, there has been a local privilege escalation vulnerability in the Windows operating system, through which hackers may seize the highest control of the system and easily undermine or prohibit any security software, including anti-virus software, firewall, proactive defense software, sand box and the system restore."

He continued, they can also hack around the UAC protection of Windows Vista/Win7 or elevate the privilege on a server website to take control of the vulnerability network server, and directly threaten the information security of government, enterprises, Internet bars and PC users.

Advertisment

"This 18-year latent high-risk 0day vulnerability will affect all Windows operating system versions including Windows NT4.0, Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7, Windows Server 2008, etc.," added Dr. Shi Xiaohong.

He also claimed that the researchers in Qihoo 360 independently discovered this vulnerability at the end of October this year, and informed MSRC of the details of the vulnerability and demonstration program and assisted Microsoft to make the security patch for the vulnerability.

Qihoo 360's security experts suggested that previously Stuxnet has just used another Windows local privilege escalation vulnerability (CVE-2010-2743) to seize control of the system. This vulnerability first appeared in 1995 and has a latency of 15 years. In addition, in January 2010, Google's engineers also revealed an 'elder' vulnerability that existed since 1993.

tech-news