
Contributed by: Eglė
Date: June 5, 2009

The Windows NT Win32k.sys Vulnerability can Trigger an Application Crash

 

As is often said, no news is good news, and in many ways this could be true. I say this firstly because I have some news to announce and secondly because the news is indeed bad. Sounds scary, I know. But I'm writing this article not with the intention to frighten you, but to enlighten you on the latest security issues and help you avoid them.

I'm going to introduce you to a 'hot' vulnerability which recently came up. It punched Microsoft Windows unmercifully. I'm talking about the Microsoft Windows NT 'win32k.sys' Local Denial of Service Vulnerability. Microsoft has confirmed it in Windows NT version 4.0. This security issue was fixed in the latest US Service Pack for Windows NT.

So how does this vulnerability work and spread? Before the release of SP2, not all Win32K functions properly validated their input parameters. An attacker could write an errant application that sends incorrect parameters to a Win32K function, resulting in an access violation in Win32k.sys. This violation would usually lead to Windows NT crashing with a STOP 0x0000001E blue screen error. In other words, the vulnerability in Win32k.sys in Windows NT 4.0 before SP2 enables malicious users to create a denial of service condition. The affected platforms have been confirmed and include the following:

  • Microsoft, Windows NT 3.5.1 SP1;
  • Microsoft, Windows NT 4.0.
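The missing parameter validation described above can be illustrated with a small user-space simulation, added here as an example and not taken from Win32k.sys or from Microsoft. The service table, status codes and function names are all hypothetical.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical status codes and limits; not taken from Win32k.sys. */
enum status { ST_OK, ST_BAD_SERVICE, ST_BAD_POINTER, ST_BAD_LENGTH };
#define SERVICE_COUNT 2
#define MAX_TEXT 64

/* Arguments exactly as an untrusted caller supplies them. */
struct call_args {
    uint32_t service;   /* index into the service table */
    const char *text;   /* caller-supplied buffer */
    size_t length;      /* caller-claimed size of that buffer */
};

static char title[MAX_TEXT + 1];
const char *current_title(void) { return title; }

/* Service 0: store a title. Trusts its arguments completely. */
static enum status svc_set_title(const struct call_args *a) {
    memcpy(title, a->text, a->length);
    title[a->length] = '\0';
    return ST_OK;
}
/* Service 1: takes no buffer and does nothing. */
static enum status svc_ping(const struct call_args *a) { (void)a; return ST_OK; }

typedef enum status (*service_fn)(const struct call_args *);
static const service_fn table[SERVICE_COUNT] = { svc_set_title, svc_ping };

/* Before: uses caller data unchecked, so a bad index, pointer or length
   faults inside the privileged component. Shown for contrast, never called. */
enum status dispatch_unchecked(const struct call_args *a) {
    return table[a->service](a);
}

/* After: every caller-controlled field is checked before first use. */
enum status dispatch_checked(const struct call_args *a) {
    if (a == NULL) return ST_BAD_POINTER;
    if (a->service >= SERVICE_COUNT) return ST_BAD_SERVICE;
    if (a->service == 0) {
        if (a->text == NULL) return ST_BAD_POINTER;
        if (a->length > MAX_TEXT) return ST_BAD_LENGTH;
    }
    return table[a->service](a);
}

int main(void) {
    struct call_args bad = { 99, NULL, 100000 };  /* constructed bad input */
    return printf("status=%d\n", dispatch_checked(&bad)) < 0;
}
```

The checked dispatcher turns each malformed request into an error status for the caller instead of a fault in the privileged component, which is the difference between a failed call and a system-wide STOP error.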

Security has been a hot topic with Microsoft for a very long time. Microsoft itself has been the victim of numerous security holes. Windows NT and its successors were designed with security (including network security) and multi-user PCs in mind. However, Windows NT was not originally created with Internet security in mind, as Internet use was less popular in the early 1990s. Design issues associated with flawed code (for example, buffer overflows), along with the popularity of Windows, mean that its vulnerabilities are a regular target of cybercriminals. Some of the files of Windows NT 4.0 may include but are not limited to the following:

File names:
rasmon.exe
schdpl32.exe
terminal.exe
calc.exe
rasadmin.exe
CDPLAYER.EXE
NDDEAGNT.EXE
BACKUP.EXE
rcp.exe
EDLIN.EXE
RASMAN.EXE
rasdial.exe
REDIR.EXE
netdde.exe
pbrush.exe
RASPHONE.EXE
LABEL.EXE
CDB.EXE
cdfs.sys
ndis.sys

Table 1.  Files related to Windows NT 4.0

I'm sure you may be asking: what can I do? The answer is, calm down. It is not that bad, and I also have some good news for you. Microsoft has found a solution to this security problem! Users who have encountered this type of vulnerability and want to remedy it are recommended to apply the latest Windows NT 4.0 Service Pack (SP2 or later), available on the Windows NT Service Packs Web page.

 
