Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Not open for further replies.
1 - 3 of 3 Posts

7,103 Posts
Discussion Starter · #1 ·
Experts Spot Security Flaw In Windows Vista Software
Skip directly to the full story.

By ANICK JESDANUN The Associated Press

Published: Dec 27, 2006

NEW YORK - Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the Vista system released to larger businesses in late November.

The software company said it is investigating the threat but has found that a hacker must already have access to the vulnerable computer to execute an attack.

That could happen if someone is sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects older Windows systems, too, and Hypponen said vulnerabilities like these are quite common and can be fixed with a software patch. The flaw remains a proof of concept, with no one known to have launched an attack with it, Hypponen said.

In a posting on Microsoft's security-response Web journal, senior security manager Mike Reavey said he remained confident "Windows Vista is our most secure platform to date."
1 - 3 of 3 Posts
Not open for further replies.