Vista kernel is vulnerable

By Egan Orion
Nov 25, 2008 9:55 AM
Tags: Vista | kernel | vulnerable | Windows | Microsoft
A flaw has been discovered in Microsoft's flagship Windows Vista operating system, but the company has said it won't fix the glitch until its next, as-yet unannounced, service pack.

Discovered by Austrian researcher Thomas Unterleitner of the insecurity company Phion and announced last Friday, the buffer overflow flaw reportedly exists in Vista's networking I/O subsystem.

It can cause a blue screen of death system crash, allow denial of service attacks, or enable injection of rootkits or other malware such as viruses, trojans, bots or keyloggers.

Unterleitner told ZDnet UK that Phion had notified Microsoft of the vulnerability in October.

Phion successfully tested an exploit of the vulnerability against Vista Enterprise and Vista Ultimate and believes that other versions of Windows Vista are "very likely" also vulnerable. It says that both 32-bit and 64-bit versions of the operating system contain the flawed code.

Windows XP reportedly doesn't contain the vulnerability.

Unterleitner said administrator privileges are required to execute a program that calls the function containing the flaw, but that doesn't seem like much of a hurdle, since Vista trains its users to click on "OK" to all sorts of security warnings.

He also said it appeared possible, though not yet confirmed, that an attacker might craft a malformed DHCP packet to "take advantage of the exploit without administrative rights."

"We have worked together with Microsoft Security Response Center in Redmond since October 2008 to locate, classify and fix this bug," Unterleitner reportedly said in an email. "Microsoft will ship a fix for this exploit with the next Vista service pack."

However, Microsoft said that it had investigated but was "currently unaware of any attacks trying to use the vulnerability or of customer impact." Nor could it confirm that a fix will be included in the next Vista service pack or project when it might get around to releasing that. µ

L'Inq Cnet

theinquirer.net (c) 2009 Incisive Media

 