News >> Browse Articles >> Microsoft
News >> Browse Articles >> OS
News >> Browse Articles >> Security
New Vista Kernel Vulnerability Discovered
Featured Author:
DailyTech
DailyTech is a leading online magazine for a well-educated, tech audience. Its readers enjoy hard-hitting and up to the minute CE, PC, IT and information technology news. DailyTech’s fast-moving content also reaches out via news syndications, public portals, and forums.
Shane McGlaun / DailyTech
November 25, 2008
‘Unfortunately, the fix won’t arrive until next Vista service pack.’ -
Microsoft’s Windows Vista operating system is one of the most maligned operating systems Microsoft has ever produced. The operating system has been panned by some users and critics and has become the brunt of jokes in commercials from rival Apple for its Mac computer systems.
One of the key things that many point to with Vista is the amount of hacks and viruses that can take advantage of holes in the design and security of the OS. Despite the fact that Vista isn’t alone in having security issues, what was described as a huge hole in open source software including Linux was discovered in May, it still gets more press for issues than the other operating systems available.
The latest significant issue with operating system security again falls on Vista’s shoulders with a new kernel vulnerability that has been discovered. The vulnerability was discovered by Thomas Uterleitner from the Austrian security company Phion. Friday Unterleitner announced that he had warned Microsoft about the flaw in October, but a fix would not be offered until the next Vista service pack was launched.
The flaw is in the network input/output subsystem of Vista. Certain requests sent to Vista’s iphlpapi.dll API can cause buffer overflow errors that can corrupt Vista’s kernel memory leading to a blue-screen-of-death (BSOD) crash.
Unterleitner told ZDNet UK, “[the] exploit can be used to turn off the computer using a (denial-of-service) attack. This buffer overflow could (also) be exploited to inject code, hence compromising client security.”
The flaw has been verified in Windows Vista Enterprise and Ultimate editions and it is assumed that all other versions of the operating system will be susceptible to the flaw as well. According to ZDNet UK Microsoft told it that while Microsoft was aware of the issue, it was not aware of any malicious code that can take advantage of the flaw.
Microsoft also didn’t confirm that a fix for the flaw would be offered in the next service pack for Vista.
© 2008, DailyTech
yoddel
4 days ago
232 comments
best infomation
ugg boots on sale
black friday ipod touch
fiyasahamed
10 months ago
4 comments
Hai Everybody.... I don't know the stuff you talking about.. don't blame Microsoft developers.. they are humans... They can fall in to error.. I am using Vista.. I had never experienced the problems you are talking about.. Everything Works Fine with good UI.. I can't buy Macintosh... But i am experiencing myself with fantastic GUI design in Windows Vista.. Everything is going well.. Even though i never paid anything to Microsoft Windows OS.. I don't blame it.. Hands off to Vista.. Waiting for Windows 7 OS.. Even though people talking about the security holes in windows os... Still everyone is using that .. you guys probably know that Windows is Best Ever Operating System in the World... I like Windows.. I love Windows.. LOVE WINDOWS VISTA.. Whatever Hole in My OS .. I LOVE YOU VISTA ....
ngidi
11 months ago
2 comments
hi, my name is bright ngidi, i live in south africa, johannesburg and i`ve been using vister for almost two years now . and i also discovered that since all usb ports in computers can tranfare data in both directions, vista cannot stop/has no way of authenticating/denialing data that is recieved throgh usb ports. therefor all pc`s that are using win vista can be hacked. ask me how , listen to this , me and my friend living in cape town , we usualy chat and play the hacking game using a vpn connection and we send to each other viruses like the stealth virus, which we attach to the word document . THE BIGGEST PROBLEM IS THAT I CAN SEND A PING OF DEATH THROUGH THIS GAME. i always laugh at him when he tells me that he excecuted the virus and his system crushed. now i warn you people to try and avoid using usb ports for internet connections and better use network interface cards instead. i would enjoy to be a hacker but i also have it when my system is crushed by a hardware error or a virus eg. blue screen of death
aceatola
11 months ago
4 comments
So if Vista SUCKS then why do WE ( the public have no choice but to buy Vista) it is on every PC that is made. I looked for a new PC (w/ windows XP ) just over a year ago but to no avail.
I heard that Vista had problems and I went through to many PC's and I did not want any more headaches.
If a company has a problem with their product it is up to them to fix it .
So I guess that Mr. Gates is more about the MONEY than the PUBLIC. Those big charity checks Mr. Gates writes is all our money because all PC's have VISTA . We the PUBLIC should also get a tax write off for our hefty CHARITABLE CONTRIBUTIONS, which is also given to ALL OUR GOVERNMENT LEADERS so they can make all those wonderful laws that we have to follow but THEY DON'T.
PS. WE JUST CAN'T WIN.
money
11 months ago
74 comments
I think the artical is good information to use and no, everyone knows the blue screen of death is the worst, and a DOS attack.
koganinja89
12 months ago
2 comments
You know what's funny... HALF of the visual effects (that is the only thing that makes vista even WORTH buying) were taken from OS X. AND the only reason it is the most secure is because they tried to implement the same security measures as Unix based computers with one exception: "Are you sure that you would like to post this comment? Continue or cancel.
narfnarfsillywilly
12 months ago
4 comments
"The flaw is in the network input/output subsystem of Vista. Certain requests sent to Vista’s iphlpapi.dll API can cause buffer overflow errors that can corrupt Vista’s kernel memory leading to a blue-screen-of-death (BSOD) crash."
*Why* are the specifics of the vulnerability being made public knowledge? HEY HACKERS - CHECK THIS OUT! HERE'S HOW YOU CAN MESS UP WHO KNOWS HOW MANY PEOPLE'S COMPUTERS!
pcdoctor
12 months ago
4 comments
Well compared to any other OS Microsoft has produced Vista is actualy the most secure. I use Vista Premium and I love it. Lets face it no OS is bullet proof. I am a MCTS for Vista and I have had some pretty intense training on Vista. When compared to XP or any other Microsoft OS except maybe Server 2003 and up it's by far the most secure.
cjon2332
12 months ago
2 comments
How can I download Windows Vista Home Basic on my computer?
ariesmann
12 months ago
2 comments
hey i don't know but it would explain why my new comp that i built crashed on me and would seem to work because i was trasfering files all the time, but you know what i like vista too it has some high points that i like alot, i just hope they fix this problem.
ChrisV1
12 months ago
10 comments
If you wanna see Angelina Jolie talking Unix you shold check out Hackers the movie you see a lot of her talking Unix. ;-)
comptech06
12 months ago
4 comments
hot dam, aint that a kick in the nuts. I just dun care about that level of nonesence. Call me when there is somethin positive, like angelina jolie talking unix!
JournoHater
12 months ago
2 comments
I don't care what any lame ass journo says microsoft vista is awesome and thats the bottom line cause stone cold says so.
Ikenna
12 months ago
4 comments
This claim clearly isn't substantive enough. One wonders if it's all about the competitive platform.
loipex107
12 months ago
32 comments
Can the issue be verified or is this on the basis of competition?