Vista Security Flaw Discovered -- Redmond Channel Partner

Vista Security Flaw Discovered

Company officials maintain that the flaw's risks are low.

By The Associated Press
December 25, 2006

Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was disclosed on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

That could occur if someone is actually sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects older Windows systems, too, and Hypponen said vulnerabilities like these are quite common and can be fixed with a software patch, which Microsoft releases on the second Tuesday of each month except for the most serious threats. The flaw remains a proof of concept, with no one known to have actually launched an attack with it, Hypponen said.

In a posting on Microsoft's security-response Web journal, a senior security manager, Mike Reavey, said he remained confident "Windows Vista is our most secure platform to date."

Vista, the first major Windows upgrade since Windows XP launched in 2001, was made available Nov. 30 to businesses that buy Windows licenses in bulk. Consumers generally won't be able to get Vista until Jan. 30.

In trying to improve security, Microsoft redesigned its flagship operating system to reduce users' exposure to destructive programs from the Internet. But most security researchers believe a complex product like Vista can never be error-free, so it was a matter of time for someone discovered a security vulnerability.

Microsoft shares rose 35 cents to close at $29.99 in Tuesday trading on the Nasdaq Stock Market.

Free Webcast! Learn about Password Management Best Practices

Featured

Copilot Front and Center at Microsoft Ignite 2024

Microsoft CEO Satya Nadella kicked off this year's Ignite conference with a keynote speech focused on the company's efforts to evolve Copilot.
2024-2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Extends AI Copyright Protections to Its Partners

Microsoft this week announced several new partner benefits meant to accelerate channel sales amid skyrocketing AI demand.
The 2024 Microsoft Product Roadmap

Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Vista Security Flaw Discovered

Featured

Copilot Front and Center at Microsoft Ignite 2024

2024-2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Extends AI Copyright Protections to Its Partners

The 2024 Microsoft Product Roadmap

The 2024 Microsoft Product Roadmap

2024-2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 17 Characteristics of Successful MSPs

Price Increases Coming to Power BI, Microsoft Teams Phone

It's Time for a Better Way To Do P2P

The 2024 Microsoft Product Roadmap

2024-2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 17 Characteristics of Successful MSPs

Price Increases Coming to Power BI, Microsoft Teams Phone

It's Time for a Better Way To Do P2P

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Microsoft Ignite 2024: Top Announcements and Takeaways

Shutting Down Session Hijacking and Credential Theft

Back to School with Huntress Managed EDR

That Phishy Feeling: Learning to Spot Modern Phishing

FREE WHITE PAPERS FROM OUR SPONSORS

Your customers need cloud services

Ransomware and You: A Thinker's Guide to Comprehensive Ransomware Protection

Key Questions to Consider Before Selling Your Microsoft Practice

Ransomware & You