Windows Vista Kernel Flaw Found

When pimping Windows Vista prior to its release, Microsoft called it "the most secure OS ever." Of course, software is just software, and there are bugs in anything. And on Friday, security firm Phion AG announced they had discovered a TCP/IP stack buffer overflow. As researcher Thomas Unterleitner indicated:
Since this buffer overflow overwrites kernel memory, it could be possible that members of the Network Configuration Operator group exploit this and take control over the operating system without any restriction. This buffer overflow could be exploited to inject code, hence compromising client security.
It's a new vulnerability, meaning it is not reproducible on Windows XP. Microsoft was informed of this vulnerability on Oct. 22nd.

According to Unterleitner,
"We have worked together with Microsoft Security Response Center in Redmond since October 2008 to locate, classify and fix this bug. Microsoft will ship a fix for this exploit with the next Vista service pack."
Yep, no fix until Vista SP2. Microsoft confirmed this issue to ZDNet UK, and that it would be fixed in SP2, but would (quite naturally) not confirm a Windows Vista SP2 release date.

They did confirm they have been investigating the flaw.
Via:  ZDNet UK
userf 6 years ago

First, you have to be a member of Network Configuration Operation group, then to know how to exploit this flaw.

This group is empty by default and only Admin can change that.

pbbyebye 6 years ago

1st off i heard about this 5 weeks ago.(1st on news site then on Security Now)

2nd it is not restricted to Vista. it effects ALL OS's(Linux,apple,Win.,ect)

3rd IT CAN NOT BE FIXED(with out redesign in TCP/IP). It is a fundamental flaw in the design TCP/IP

I cant wait tell they redesign TCP/IP(internet) and make it go faster.

bob_on_the_cob 6 years ago

Yeah I'm not too worried about it at this point.

Post a Comment
or Register to comment