New Vulnerability Found In Windows Vista

A security vendor based in Aliso Viejo, California has found a vulnerability with a 'medium' security rating in Microsoft's Windows Vista. According to Marc Maiffret, co-founder and chief hacking officer of eEye Digital Security, the flaw is a privilege escalation bug and the sole reason it got a 'medium' was because it doesn't enable remote control of the system. The flaw, which eEye first found on January 9 and reported to Microsoft on January 19, is one of the first to be found in the brand new operating system. Vista wasn't released to the public until January 30. The vulnerability, which is similar to a buffer overflow problem, enables regular users to grab more power on the system:

"A main security feature added to Vista is that regular users have a lower level of privileges. They have fewer privileges in Vista than they did in Windows XP. When regular users are running the operating system, they have regular user-level access, but with this vulnerability, you can elevate yourself to system-level access. Any normal user can do anything they want to the system," says Maiffret.

News source: InformationWeek

Report a problem with article
Previous Story

Microsoft sends out Windows Live Beta Community Invitation

Next Story

Google Sharpens Malware Alerts for Webmasters

8 Comments

Commenting is disabled on this article.

Guys can you please stop posting this kind of crap on the front page? I mean, you don't go around stepping every flaw in another OS.. Unless I missed something here. :P

Not agreed lol.

As much as I love Vista and hate ALL other OSs (i also continue to use Vista), we all need to know EVERY flaw that is in the Vista OS, so we know what to look out for when using it and so Microsoft patch it quicker. Especially as it is currently a very new OS, whereas the other ones aren't that new at all.

No remote control? Gotta love those machine local exploits ;)
Ah well, an exploit is an exploit, and this should be patched too :)

I guess it could be used to locally install malware etc if triggered, despite not being able to control the host over Internet. It also takes a regular user account to pull of, something I don't have on my system. So they'd still need to bypass the admin password as usual, at least here.

A link to this story was already posted under a different article. It's the one about "eEye" and it's not really a vulnerability.