Windows Vista Kernel Flaw Found

rated by 0 users
This post has 3 Replies | 1 Follower

Top 10 Contributor
Posts 25,861
Points 1,171,990
Joined: Sep 2007
ForumsAdministrator
News Posted: Sun, Nov 23 2008 10:44 PM

When pimping Windows Vista prior to its release, Microsoft called it "the most secure OS ever." Of course, software is just software, and there are bugs in anything. And on Friday, security firm Phion AG announced they had discovered a TCP/IP stack buffer overflow. As researcher Thomas Unterleitner indicated:
Since this buffer overflow overwrites kernel memory, it could be possible that members of the Network Configuration Operator group exploit this and take control over the operating system without any restriction.

This buffer overflow could be exploited to inject code, hence compromising client security.
It's a new vulnerability, meaning it is not reproducible on Windows XP. Microsoft was informed of this vulnerability on Oct. 22nd.



According to Unterleitner,
"We have worked together with Microsoft Security Response Center in Redmond since October 2008 to locate, classify and fix this bug. Microsoft will ship a fix for this exploit with the next Vista service pack."
Yep, no fix until Vista SP2. Microsoft confirmed this issue to ZDNet UK, and that it would be fixed in SP2, but would (quite naturally) not confirm a Windows Vista SP2 release date.



They did confirm they have been investigating the flaw.



  • | Post Points: 35
Not Ranked
Posts 8
Points 55
Joined: Nov 2008
Location: Belgrade - Serbia
userf replied on Mon, Nov 24 2008 3:12 AM

First, you have to be a member of Network Configuration Operation group, then to know how to exploit this flaw.

This group is empty by default and only Admin can change that.





Quid Pro Quo

  • | Post Points: 5
Not Ranked
Posts 13
Points 170
Joined: Jun 2008
pbbyebye replied on Mon, Nov 24 2008 11:06 AM

1st off i heard about this 5 weeks ago.(1st on news site then on Security Now)

2nd it is not restricted to Vista. it effects ALL OS's(Linux,apple,Win.,ect)

3rd IT CAN NOT BE FIXED(with out redesign in TCP/IP). It is a fundamental flaw in the design TCP/IP

I cant wait tell they redesign TCP/IP(internet) and make it go faster.

  • | Post Points: 20
Top 10 Contributor
Posts 6,181
Points 90,135
Joined: Aug 2003
Location: United States, Virginia
Moderator

Yeah I'm not too worried about it at this point.

  • | Post Points: 5
Page 1 of 1 (4 items) | RSS