Israeli researcher publishes a new Windows flaw in ‘win32k.sys’ component

Israeli researcher Gil Dabah on Friday published a new Windows vulnerability that allows a local user to trigger a ‘blue screen of death’ crash on all current, supported versions of Windows, thereby theoretically enabling attackers to run code of their choice with kernel privileges.

According to the information forwarded by Dabah, the flaw lies in ‘win32k.sys’ – a kernel-mode component that handles most of the key Windows features, such as window management and 2D graphics.

Since the vulnerability is in the component’s handling of the system clipboard, the system can be made either to corrupt the screen or to crash outright if specially malformed data is placed onto the clipboard.

In the early days of Windows, the win32k.sys component did not run in kernel mode. The move to kernel mode, which came with Windows NT 4, means the flaw affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, on both x86 and x64, with or without Service Packs.

However, because security group Secunia has given the flaw a “Less Critical” rating, which reflects the lack of remote exploitability and the difficulty of using it to execute an attacker’s code, Microsoft has not yet announced a patch for it, even though the company is aware of the vulnerability.