Report: More flaws found in Microsoft's Vista

[KG_CrimsonTrooper]

Looks like Bill's in Trouble....

Security researchers, hackers find error in software code, including one underlying Internet Explorer 7.

December 25 2006: 4:28 PM EST

NEW YORK (CNNMoney.com) -- Computer security researchers and hackers have found more flaws in Microsoft's Vista, the long-awaited update to the Windows operating system, according to a report Monday.

One programmer said it was possible to increase a user's privileges on all of the company's recent operating systems, including Vista, while a computer security firm said that it found five other vulnerabilities, including one error in the software code underlying the company's new Internet Explorer 7 browser, the New York Times reported.

The browser flaw means that users could become infected with malicious software simply by visiting a particular Web site, according to the report.

That would make it possible for an attacker to inject rogue software into the Vista-based computer, the paper said, citing executives at Determina, a maker of software intended to protect against vulnerabilities.

The new operating system - Microsoft's (Charts) first update to Windows in five years - is crucial for the world's biggest software company. Microsoft has been facing stiff competition from companies like Google (Charts), which has begun offering Web-based applications that rival traditional desktop software.

On Saturday, Nicole Miller, a Microsoft spokeswoman, said the company was investigating the reported browser flaw and that it was not aware of any attacks attempting to use the vulnerability, the paper said.

Microsoft officials were not immediately available for comment on Monday.

The Determina researchers told the paper they had notified Microsoft of four other flaws they had discovered, including a bug that would make it possible for an attacker to repeatedly disable a Microsoft Exchange mail server simply by sending the program an infected e-mail message.

Last week, the chief technology officer of Trend Micro, a Tokyo-based computer security firm, said he had discovered an offer on an underground computer discussion forum to sell information about a security flaw in Vista for $50,000, according to the Times.

Many computer security companies say that there is a lively underground market for information that would permit attackers to break in to systems via the Internet, the paper said.

http://money.cnn.com/2006/12/25/tech...ex.htm?cnn=yes

[KG_AGCent]

duh! There is only so much any development team can do. Only so much a limited beta can do. Until something as intricate as an operating system actually gets into the consumers hands are you going to be able to really determine the idiot-proof-ness of any program. Microsoft has been pretty good about patching proven vulnerabilities with XP and I expect the same with Vista. I remember all the cries of all the chicken littles telling us that XP was going to be the death of us all because hackers were going to take over cyberspace with the all the so-called problems XP had.

So... aside from Kozinski, which of us isn't using XP?

I won't however. be running out and buying Vista the moment it comes out. I will probably wait until the 1st service pack is released. XP is a good, stable OS. If ain't broke, don't fix it.

[KG_CrimsonTrooper]

Dude....

This was intended as an informational post.... Not a commentary.

IS not information power? or at least helpful?

XP is a nice o/s but how long did it take to get stable?

Microsuck deserves to get lambasted as much as possible when possible, I don't know how extensively you have read up on VISTA but i have read quite a bit about... They market VISTA as it being the end all of O/S's that is going to be COMPLETELY SAFE and that it has so many safeguards that using any type of Virus software is redundant. I've got news for you Danny Boy.... VISTA is nothing but a facade over a re-tooled XP and nothing more!

The only way I am going to upgrade is when they EOL ( End of Life ) the support of XP.

VISTA is nothing more than a resource hog AND another way to legally extort money out of the world by FORCING people to upgrade.

[KG_CrimsonTrooper]

From CNN Technology:

NEW YORK (AP) -- Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

That could occur if someone is actually sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects older Windows systems, too, and Hypponen said vulnerabilities like these are quite common and can be fixed with a software patch, which Microsoft releases on the second Tuesday of each month except for the most serious threats. The flaw remains a proof of concept, with no one known to have actually launched an attack with it, Hypponen said.

In a posting on Microsoft's security-response Web journal, a senior security manager, Mike Reavey, said he remained confident "Windows Vista is our most secure platform to date."

Vista, the first major Windows upgrade since Windows XP launched in 2001, was made available November 30 to businesses that buy Windows licenses in bulk. Consumers generally won't be able to get Vista until January 30.

In trying to improve security, Microsoft redesigned its flagship operating system to reduce users' exposure to destructive programs from the Internet.

But most security researchers believe a complex product like Vista can never be error-free, so it was a matter of time for someone discovered a security vulnerability.

http://www.cnn.com/2006/TECH/ptech/1....ap/index.html

[KG_Cloghaun]

I run windows 2000, lol.

[KG_AGCent]

leave it to Andy to "lambaste" the makers of the road to the video game hell he finds himself in. He could be true to his words and switch OS's.

[KG_AGCent]

XP was stable out of the box. It had some security flaws, most of which were handled by weekly updates and SP1. SP2 put the icing on the cake and regular monthly updates coupled with iimmediate urgent updates have proven, in my eyes, the value of the product. Think Linux offers that? Part of me thinks Andy is just sitting behind his keyboard waiting to be offended.

[KG_GASXTREME]

Windows has always had security problems, and given that its still maintaining a HUGE marketshare ( > 96% last I checked) of the OS market, I anticipate that it still will for quite a long time. Personally, although I know many of you may disagree, I "rate" companies a lot based on how quickly they react to problems rather than how many problems they have..... There is no such thing as a flawless product or company IMHO, its just a matter of who reacts the best when something does go wrong.

I have worked with Mac and various flavors of linux. Both are outstanding operating systems, however I personally find that Windows still works best for me.
-steve

[KG_CrimsonTrooper]

Quote:

Originally Posted by KG_AGCent

XP was stable out of the box.
SP2 put the icing on the cake and regular monthly updates coupled with iimmediate urgent updates have proven, in my eyes, the value of the product.

Dude.... Stable out of the box??? how many patches do you THINK there was before SP1?

As far as SP2 put icing on the cake..... SP2 was anything but the icing on the cake.... it added more problems for the IT staff of every company in America than helped! ( of course this is just my opinion and of those IT people I know throughout the country in fortune 20 companies..)

If it works for you than Kudos to you!

[KG_AGCent]

So Andy... what OS do you have on your machine?