"Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape," they explained in a recently released advisory.
Among the systems affected are the 64-bit version of Windows 7 and Windows Server 2008 R2, as well as FreeBSD, NetBSD, RedHat, and a host of systems employing the Xen hypervisor.
VMware's virtualization software is not affected, and neither are AMD's processors, as they do not use the SYSRET instruction whose incorrect handling causes the flaw or handle it differently.
Many of the affected vendors have already pushed out an update that defuses the flaw.
Microsoft did it and warned about it during this month's Patch Tuesday, and pointed out that the vulnerability can be exploited only locally, and by an attacker that has valid logon credentials.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.