
But still "every confidence… most secure platform to date"
Published: 28 December 2006 10:40 GMT
Microsoft is investigating a security vulnerability which affects Vista, its newly-launched operating system.
Mike Reavey, operations manager at Microsoft's Security Response Center, revealed last Friday that Vista is vulnerable to a flaw that allows a malicious hacker to escalate user privileges within several versions of Windows.
Proof-of-concept code that exploits the code has been posted online, Reavey said in a blog posting, adding that Microsoft isn't yet aware of any malware that takes advantage of it.
"Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system," wrote Reavey.
"While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date. As always, we here at the MSRC encourage everyone to enable a firewall, apply all security updates and install anti-virus and anti-spyware software," he added.
Vista is Microsoft's first operating system release in five years. The company had repeatedly emphasised that it is more secure than previous versions, having been extensively rewritten.
One major change in Vista is that users' accounts are created with administrator privileges turned off by default, unlike in XP where they are automatically turned on. Microsoft has cited this change as a key security change, as these administrator powers can be used to turn off other security measures.
As such, this flaw could put Vista users at risk. However, Mikko Hyppönen, chief research officer with Finnish security company F-Secure, has already said that the flaw it should not concern corporate or individual users as a malicious hacker can't take advantage of it unless they already have access to their machine.
Earlier this month, security firm Trend Micro claimed that a zero-day Vista flaw was being sold online for $50,000 (£25,500).Vista was launched to businesses at the end of November. It will go on sale to consumers in early 2007.
Graeme Wearden writes for ZDNet UK.
Experience of Windows 2000, Windows Server 2003 and Windows Server 2008 is essential, knowledge of Windows XP and Windows Vista would be beneficial. ...
An IT Support Engineer who will be responsible for supporting Windows Vista is required for an SME in Central London. Windows Vista and Office 2007 ...
Vista and you have strong communication skills and want to work in a comfortable and friendly environment then please apply ASAP through the link ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...