toggle

AAPL Stock: 562.29 ( -3.03 )

First post-completion Vista exploit surfaces

updated 05:15 pm EST, Fri December 22, 2006

Vista exploit surfaces


The first exploit since the completion of Windows Vista has surfaced, according to a confirmation by Microsoft Security Response Center head Mike Reavey. The vulnerability corrupts Windows' MessageBox protocol to raise system privileges, which could result in much more control over a system than what Microsoft allows by default. Although the exploit is currently limited to a proof of concept released on a Russian forum and demands that the malicious user already have administrative access, it has already garnered attention for challenging Microsoft's claim that Vista is more secure than its predecessors, according to Electronista. The attack is known to work across multiple versions of Windows -- including Windows 2000, says Reavey. Microsoft does not believe the threat to be serious but promises to closely follow any attempts to use it in the wild.


by MacNN Staff

print
email
(12)

TAGS :

 industry

Related Articles

Recent Articles

toggle

Comments

  1. unity@mac.com

    Fresh-Faced Recruit

    Joined: Sep 2005

    0
    12/22, 07:13pm | report spam | Reply |

    Well...

    So it begins.

  1. Spacemoose

    Fresh-Faced Recruit

    Joined: Feb 2004

    0
    12/23, 12:45am | report spam | Reply |

    Give me a break...

    Let's not be hypocrites. When a very similar 'vulnerability' was touted for the Mac, we all castigated the 'journalists' for thier non-story.

    Vista will be riddled with security flaws, but this is a mere crumb. Let's wait to bash Vista for security when it is deserved, otherwise it takes away from the critiques.

  1. Monde

    Fresh-Faced Recruit

    Joined: Jan 2004

    0
    12/23, 01:30am | report spam | Reply |

    Agreed

    spacemoose makes a great point. As much as I like bashing big Redmond, this exploit is a straw dog. Considering the menagerie of similar beasts parked at Apple's door over the years, it is hypocritical to listen to the barking of this one.

    That said, Vista is an unabashed second rate knock-off of OSX. A pox on Microsoftinthehead.

    Whew! Glad I got that off my chest.

  1. ajhoughton

    Fresh-Faced Recruit

    Joined: Mar 2004

    0
    12/24, 07:58am | report spam | Reply |

    more to the point

    Please can we have some accurate journalism here?

    "corrupting Windows' MessageBox protocol" is bunkum. It's like saying that you're "subverting your neighbour's front door control k*** protocol".

    I *know* you just copied it from the original article, but please get someone to check it for technical accuracy before re-publishing it!

    The exploit *actually* involves passing bad arguments to Windows' MessageBox *function*.

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    0
    12/25, 05:18pm | report spam | Reply |

    Yawn!

    the vulnerability corrupts Windows' MessageBox protocol to raise system privileges, which could result in much more control over a system than what Microsoft allows by default.

    "Could"? Man, can't they come up with a better proof of concept? h***, this is the same thing the security n**** say about all the "exploits" they find for the mac.

    Although the exploit is currently limited to a proof of concept released on a Russian forum and demands that the malicious user already have administrative access, So, you have to be an admin to give this program escalated privileges (which would be what, if not admin?)

    it has already garnered attention for challenging Microsoft's claim that Vista is more secure than its predecessors,

    Wait! One supposed security hole, and all of a sudden Vista is a bug-ridden and hole-y as XP or 2000? Isn't that also kind of going overboard, considering how bad those previous versions are????

  1. dynsight

    Fresh-Faced Recruit

    Joined: May 2005

    0
    12/26, 08:44am | report spam | Reply |

    Administrator Access

    The biggest problem with Windows is that users have gotten Admin access by default, which later versions of XP and Vista address. If the owner of a PC is liberal with granting Admin access (which this "exploit" requires), then this is nearly a useless security threat. Personally, if I had admin access to a machine to which I wanted to disrupt, I could certainly think of some more devastating ways than futzing with a message box.

    I dislike windows as much as the next Mac user, but this is just not fair and reeks of MS bashing.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    12/26, 12:33pm | report spam | Reply |

    Re: admin access

    The biggest problem with Windows is that users have gotten Admin access by default, which later versions of XP and Vista address.

    Yeah, too bad OS X does the exact same thing.

  1. CorDog

    Fresh-Faced Recruit

    Joined: Mar 2006

    0
    12/26, 03:39pm | report spam | Reply |

    To Testudo

    Mac Admin ? Win Admin Duh!

  1. CorDog

    Fresh-Faced Recruit

    Joined: Mar 2006

    0
    12/26, 03:40pm | report spam | Reply |

    to testudo

    Mac Admin does not equal Win Admin

    Duh!

  1. ccsccs7

    Mac Enthusiast

    Joined: Nov 2001

    0
    12/26, 10:17pm | report spam | Reply |

    Old Bugs

    Okay, so is this an old bug (since it appears to work in 2000)?

Show More Comments

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

 

Popular News