Windows Exploits Beat Vista To Market!
How secure is Microsoft's newest client operating system? Keep in mind Redmond developers took a few extra years in delaying the release to bolster the new OS' security and make it the most impenetrable Windows version yet.
Well, it's back to the drawing board, it appears. Before Windows Vista was even released to consumers hackers have published dangerous exploits revealing just how vulnerable the new Windows release is. The exploit code, posted publicly on the Web overseas, has triggered Microsoft's emergency response team, even though the OS isn't even yet available (to consumers)!
Apparently the new OS is subject to a csrss.exe vulnerability that enables anyone with the posted information to leverage memory corruption by targeting Windows' notoriously weak APIs (in this case the MessageBox interface). Particularly concerning is the fact that csrss.exe is Windows' main executable.
Once the exploit is in place, a hacker could elevate their privileges on the target system. Presumably, the potential exists for an unauthorized user to take control of your Vista system (and all its data). This before the OS is even released.
While embarrassing for Microsoft, it's to be expected. With 95 percent of the market, coders will continue targeting every product Microsoft releases. Still, to have your new flagship OS hacked before it's even released doesn't bode well for all the new security improvements supposedly integrated within the new OS.
Well, it's back to the drawing board, it appears. Before Windows Vista was even released to consumers hackers have published dangerous exploits revealing just how vulnerable the new Windows release is. The exploit code, posted publicly on the Web overseas, has triggered Microsoft's emergency response team, even though the OS isn't even yet available (to consumers)!
Apparently the new OS is subject to a csrss.exe vulnerability that enables anyone with the posted information to leverage memory corruption by targeting Windows' notoriously weak APIs (in this case the MessageBox interface). Particularly concerning is the fact that csrss.exe is Windows' main executable.
Once the exploit is in place, a hacker could elevate their privileges on the target system. Presumably, the potential exists for an unauthorized user to take control of your Vista system (and all its data). This before the OS is even released.
While embarrassing for Microsoft, it's to be expected. With 95 percent of the market, coders will continue targeting every product Microsoft releases. Still, to have your new flagship OS hacked before it's even released doesn't bode well for all the new security improvements supposedly integrated within the new OS.
Labels: windows vista security holes
0 Comments:
Post a Comment
<< Home