Archive for the 'Exploits and Vulnerabilities' Category

Vista SP1 will contain undocumented fixes

Wednesday, February 6th, 2008

For some people, counting the number of security flaws that one OS has compared to another is important because it offers a metric upon which to determine which OS is the most secure. However, many claim that Microsoft stacks the deck in its favor by not disclosing a full list of vulnerabilities that have been [...]

Firefox 2.0 and IE7 – Attack Vectors for Windows Vista

Tuesday, April 10th, 2007

The .ANI file format vulnerability impacting Windows Animated Cursor Handling has gotten a lot of play lately. One of the reasons for this is the fact that the Windows Animated Cursor Handling flaw is the first pure blood, pure bred Windows Vista critical vulnerability. As I have mentioned before, there are two vectors of attack [...]

Cursor flaw gives Vista security a black eye

Tuesday, April 10th, 2007

Microsoft’s release of a "critical" patch on Tuesday poked holes in Vista’s security promises, but security experts advise against discounting the new operating system. The software giant broke with its monthly patch cycle Tuesday to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.

From root kit to boot kit: Vista code signing compromised

Wednesday, April 4th, 2007

At the Black Hat Conference in Amsterdam, security experts from India demonstrated a special boot loader that gets around Vista’s code signing mechanisms. Indian security experts Nitin and Vipin Kumar of NV labs have developed a program called the VBootkit that launches from a CD and boots Vista, making "on the fly" changes in memory [...]

Microsoft security guru wants Vista bugs rated less serious

Friday, March 23rd, 2007

Microsoft’s own bug hunters should cut Windows Vista some slack and rate its vulnerabilities differently because of the operating system’s new, baked-in defenses, according to the developer who is often the public persona of the company’s Security Development Lifecycle (SDL) process. Michael Howard, a senior security program manager in Microsoft’s security engineering group, said that [...]

Attackers Can Use Windows Vista's StickyKeys to Open Backdoor

Friday, March 23rd, 2007

A Windows feature designed to simplify computing for disabled users could be misused in Vista, a McAfee Inc. researcher reported Monday. Attackers could use this feature, called StickyKeys, to trick a user into launching unauthorized software on the Vista machine, according to Vinoo Thomas, a McAfee researcher who blogged about the issue on Monday. StickyKeys [...]

Windows Vista Hit by User-Privilege Vulnerability

Saturday, March 3rd, 2007

A security firm has discovered one of the first security flaws to directly affect Windows Vista, a bug that it claims allows local users to escalate their privileges. The flaw involves Windows’ system for managing user security levels, User Account Control (UAC), which was introduced with Vista. UAC is designed to limit the damage that [...]

Vista still vulnerable

Saturday, March 3rd, 2007

Experts say Windows Vista may still be susceptible to hackers, reports Patrick Gray. VULNERABILITIES in Windows Vista will plague users in coming months and years, a prominent security researcher warns, despite its security improvements over predecessor XP. Security bug-hunters are now turning their attention to the new platform and users should not expect Vista to [...]

Hacker, Microsoft duke it out over Vista design flaw

Friday, February 16th, 2007

Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out — from Microsoft officials — that the default no-admin setting isn’t even a security mechanism anymore. Rutkowska, a hacker with a track [...]

Vista exploitable, researcher says

Friday, February 16th, 2007

It’s possible to elevate system privileges by exploiting a flaw in Microsoft’s newly released Windows Vista operating system, according to one well-known vulnerability researcher. Marc Maiffret, CTO and chief hacking officer of Aliso Viejo, Calif.-based eEye Digital Security Inc., said during an interview at RSA Conference 2007 Monday that according to his research, there’s a [...]

