Windows Vista, the latest and greatest OS from Microsoft, hasn’t even been released to general consumers yet and experts are finding vulnerability exploits and related code being sold and discussed on the internet through underground sites. This operating system has been touted by Microsoft as being the most secure operating system yet, but the security has been brought into question due to some flaws reported on a Russian and US sites recently.
One of the threats involves a hacker gaining additional privileges to a PC through direct access to the PC or through someone installing software with the hack. This is according to Mikko Hypponen, a chief research officer for F-Secure Corp. “The bottom line is you couldn’t use a vulnerability like this to write a worm or hack a Vista system remotely,” Hypponen said. “It only has historical significance in that it’s the first reported vulnerability that also affects Vista. It’s a nonevent in other ways.” This hack affects older Windows operating systems as well, according to Hypponen.
Another of the most prevalent talked about flaws involves IE7 which could allow a hacker to take control of any computer that visits a web site with the IE7 browser on Vista. “Web users could potentially become infected simply by visiting a site designed to exploit the flaw,” said Alexander Sotirov, a senior security researcher at Determina. “It allows any web site you visit to gain control of your browser, execute code on your system and take control.”
A post on Microsoft’s Security Response Center Blog acknowledges some of the security issues and stated that they are monitoring them closely. “While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software.”, stated Mike Reavey through the blog.
Microsoft is a big target and as long as they have an operating system, there will always be hackers targeting them as they have in the past. This has got to be a big blow for Microsoft to have these vulnerabilities unveiled and exploited so soon after the release of the new Vista operating system that is supposed to be their most secure. It seems that Microsoft has already tried to downplay the severity of these flaws, but this certainly will not be the last attack on the Vista OS security.