
But still "every confidence… most secure platform to date"
Published: 28 December 2006 10:40 GMT
Microsoft is investigating a security vulnerability which affects Vista, its newly-launched operating system.
Mike Reavey, operations manager at Microsoft's Security Response Center, revealed last Friday that Vista is vulnerable to a flaw that allows a malicious hacker to escalate user privileges within several versions of Windows.
Proof-of-concept code that exploits the flaw has been posted online, Reavey said in a blog posting, adding that Microsoft isn't yet aware of any malware that takes advantage of it.
"Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system," wrote Reavey.
"While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software," he added.
Vista is Microsoft's first operating system release in five years. The company had repeatedly emphasised that it is more secure than previous versions, having been extensively rewritten.
One major change in Vista is that users' accounts are created with administrator privileges turned off by default, unlike in XP, where they are automatically turned on. Microsoft has cited this as a key security change, as these administrator powers can be used to turn off other security measures.
As such, this flaw could put Vista users at risk. However, Mikko Hyppönen, chief research officer with Finnish security company F-Secure, has already said that the flaw should not concern corporate or individual users, as a malicious hacker can't take advantage of it unless they already have access to the machine.
Earlier this month, security firm Trend Micro claimed that a zero-day Vista flaw was being sold online for $50,000 (£25,500).
Vista was launched to businesses at the end of November. It will go on sale to consumers in early 2007.
Graeme Wearden writes for ZDNet UK.