New vulnerability impacts Vista admits Microsoft

Stan Beer
Sunday, 24 December 2006 04:53

Your IT - Home IT

A new zero day vulnerability has been discovered that could potentially allow attackers to target computers running all versions of Microsoft Windows, including the long awaited security enhanced Vista. Microsoft has acknowledged that the vulnerability affects Vista on its Microsoft Security Response Center Blog.

The vulnerability, discovered by a Russian hacker known only as NULL, was conveyed to Microsoft on December 16. The vulnerability can be exploited through the Windows MessageBox() function and can potentially cause a memory corruption in the kernel which causes system crash or hang, according to the Full Disclosure security mailing list

The exploit, which has had a proof-of-concept posted on the Web, is not considered particularly dangerous by security vendors because attackers first would have to gain access to a target computer in order to escalate their privileges so that they can plant a malicious executable program.

Microsoft through its Microsoft Security Response Center Blog admits that the vulnerability affects Vista in addition to other supported versions of Windows.

"While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software," said Mike Reavy, program manager with the Microsoft Security Response Center in the blog.