Date: 21 December 2011
AusCERT has become aware of a potentially serious new Windows 7 (64-bit version) vulnerability,
exposing a flaw in win32k.sys. A Twitter user with the handle w3bd3vil tweeted HTML code that
causes a BSOD (blue screen of death, i.e. a system crash) if viewed using Apple's Safari browser. At
this stage only the BSOD has been unofficially reported; however, the vulnerability could evolve
"into a local privilege escalation issue or a remote code execution as admin problem". [1] AusCERT
will continue monitoring this vulnerability and will provide an update if official sources confirm
the report.
Olivia Swann
Information Security Analyst
AusCERT
[1] New Vulnerability in Windows 7 64 bit