After poking around the Windows Vista networking stack, Symantec researchers have tried out privilege-escalation attacks on an early version of the Windows XP successor. In a second report on Vista, Symantec takes on a security feature called User Account Control (UAC), in the operating system. The feature runs a Vista PC with fewer user privileges to prevent malicious code from being able to do as much damage as on a PC running in administrator mode, a typical setting on Windows XP.
"We discovered a number of implementation flaws that continued to allow a full machine compromise to occur," Matthew Conover, principal security researcher at Symantec, wrote in the report titled "Attacks against Windows Vista's Security Model." The report was made available to Symantec customers last week and is scheduled for public release sometime before Vista ships, a Symantec representative said Monday.