Vista Vulnerability Found

by on 11/23/2008 in Computers, Software

A flaw in Vista’s networking has been found that can crash the system, but no fix is expected until the next service pack.

A flaw has been found in Windows Vista that could allow rootkits to be hidden or denial-of-service attacks to be executed on computers using the operating system.

The vulnerability was found by Thomas Unterleitner of Austrian security company Phion and was announced Friday. Unterleitner told ZDNet UK on Friday that Phion told Microsoft about the flaw in October but that he understood a fix would only be issued in the next Vista service pack.

According to Unterleitner’s disclosure of the flaw, the issue lies in the network input/output subsystem of Vista. Certain requests sent to the iphlpapi.dll API can cause a buffer overflow that corrupts the Vista kernel memory, resulting in a blue-screen-of-death crash.

“This buffer overflow could (also) be exploited to inject code, hence compromising client security,” Unterleitner said.

Unterleitner told ZDNet UK via e-mail that the “exploit can be used to turn off the computer using a (denial-of-service) attack.” He also suggested that, because the exploit occurs in the Netio.sys component of Vista, it may make it possible to hide rootkits.

7 Responses to “Vista Vulnerability Found”

  1. Robert Barr

    Nov 23rd, 2008

    Why they would wait until the next service pack indicates either the lack of belief in the vulnerability or the lack of conviction from Microsoft to fix it!

  2. Frank J

    Nov 23rd, 2008

    Robert,

    Apparently it’s not that bad or Microsoft would fix it fast.

  3. Robert Barr

    Nov 23rd, 2008

    Any code injection exploit is dangerous. It’s not the exploit, it’s the code that could be injected!

  4. rakudave

    Dec 20th, 2008

    … yet another good reason not to use vista. or any other m$ product for that matter…

    this would never hapen in an open soucre project, as anyone could issue a fix immediately.

    • Frank J

      Dec 20th, 2008

      That’s why I run Linux and XP.

  5. jas

    Dec 21st, 2008

    ” Frank J said:
    December 20th, 2008 on 6:57 am

    That’s why I run Linux and XP.

    that doesnt make you any less stupid

    • Frank J

      Dec 21st, 2008

      It makes me just a little safer and better :)