Steve and Jen bring you this daily review of the news
Premium Advertiser

News Blog Sponsors

News Links

BBC World Service
The Guardian
Washington Post
Iraq Order of Battle
NY Times
LA Times
ABC News

Blogs We Like

Daily Kos
Digby's Blog
Operation Yellow Elephant
Iraq Casualty Count
Media Matters
Talking Points
Defense Tech
Intel Dump
Soldiers for the Truth
Margaret Cho
Juan Cole
Just a Bump in the Beltway
Baghdad Burning
Howard Stern
Michael Moore
James Wolcott
Cooking for Engineers
There is No Crisis
Whiskey Bar
Rude Pundit
Crooks and Liars
Amazin' Avenue
DC Media Girl
The Server Logs

Blogger Credits

Powered by Blogger

Archives by
Publication Date
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
Comments Credits
Comments by YACCS
Tuesday, December 26, 2006

Problem with Vista?

Siggi Bucher/Reuters

Microsoft has spent millions branding its new
Vista operating system as the most secure product
it has ever produced.

Flaws Are Detected in Microsoft’s Vista

Published: December 25, 2006

SAN FRANCISCO, Dec. 24 — Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month.

On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user’s privileges on all of the company’s recent operating systems, including Vista. And over the weekend a Silicon Valley computer security firm said it had notified Microsoft that it had also found that flaw, as well as five other vulnerabilities, including one serious error in the software code underlying the company’s new Internet Explorer 7 browser.

The browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software simply by visiting a booby-trapped site. That would make it possible for an attacker to inject rogue software into the Vista-based computer, according to executives at Determina, a company based in Redwood City, Calif., that sells software intended to protect against operating system and other vulnerabilities.

Determina is part of a small industry of companies that routinely pore over the technical details of software applications and operating systems looking for flaws. When flaws in Microsoft products are found they are reported to the software maker, which then produces fixes called patches. Microsoft has built technology into its recent operating systems that makes it possible for the company to fix its software automatically via the Internet.

Despite Microsoft assertions about the improved reliability of Vista, many in the industry are taking a wait-and-see approach. Microsoft’s previous operating system, Windows XP, required two “service packs” issued over a number of years to substantially improve security, and new flaws are still routinely discovered by outside researchers.

On Friday, a Microsoft executive posted a comment on a company security information Web site stating the company was “closely monitoring” the vulnerability described by the Russian Web site. It permits the privileges of a standard user account in Vista and other versions of Windows to be increased, permitting control of all of the operations of the computer. In Unix and modern Windows systems, users are restricted in the functions they can perform, and complete power is restricted to certain administrative accounts.

“Currently we have not observed any public exploitation or attack activity regarding this issue,” wrote Mike Reavey, operations manager of the Microsoft Security Response Center. “While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date.”

posted by Steve @ 12:57:00 AM

12:57:00 AM

The News Blog home page


Editorial Staff

Add to My AOL

Support The News Blog

Amazon Honor System Click Here to Pay Learn More
News Blog Food Blog
Visit the News Blog Food Blog
The News Blog Shops
Operation Yellow Elephant
Enlist, Young Republicans