hey_moe
November 25th, 2008, 17:20
Fix won't come around until next Vista service pack
Microsoft's Windows Vista operating system is one of the most maligned operating systems Microsoft has ever produced. The operating system has been panned by some users and critics and has become the brunt of jokes in commercials from rival Apple for its Mac computer systems.
One of the key things that many point to with Vista is the number of hacks and viruses that can take advantage of holes in the design and security of the OS. Vista isn't alone in having security issues: what was described as a huge hole in open source software (http://www.dailytech.com/Huge+Hole+in+Open+Source+Software+Found+Leaves+Millions+Vulnerable/article11869.htm), including Linux, was discovered in May. Even so, it still gets more press for issues than the other operating systems available.
The latest significant issue with operating system security again falls on Vista's shoulders with a new kernel vulnerability that has been discovered. The vulnerability was discovered by Thomas Unterleitner from the Austrian security company Phion. On Friday, Unterleitner announced that he had warned Microsoft about the flaw in October (http://news.cnet.com/8301-1009_3-10106173-83.html), but a fix would not be offered until the next Vista service pack was launched.
The flaw is in the network input/output subsystem of Vista. Certain requests sent to Vista's iphlpapi.dll API can cause buffer overflow errors that can corrupt Vista's kernel memory leading to a blue-screen-of-death (BSOD) crash.
Unterleitner told ZDNet UK, "[the] exploit can be used to turn off the computer using a (denial-of-service) attack. This buffer overflow could (also) be exploited to inject code, hence compromising client security."
The flaw has been verified in Windows Vista Enterprise and Ultimate editions, and it is assumed that all other versions of the operating system will be susceptible to the flaw as well. According to ZDNet UK, Microsoft told it that while Microsoft was aware of the issue, it was not aware of any malicious code that can take advantage of the flaw.
Microsoft also didn't confirm that a fix for the flaw would be offered in the next service pack for Vista.