Home / World Business
Thu, Dec 28, 2006 - Page 10 News List

Flaw discovered in Microsoft's Windows Vista

'A NON-EVENT' A glitch that hackers could exploit to control a computer is being investigated, but already Microsoft says the threat is relatively small

AP , NEW YORK

Windows Vista, the new computer operating system that Microsoft Corp is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was disclosed on a Russian Web site recently and is apparently the first affecting the new Vista system released to larger businesses late last month.

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

That could occur if someone is actually sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said on Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a non-event in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining system-wide control, Hypponen said.

The flaw affects older Windows systems as well and Hypponen said vulnerabilities like these are quite common and can be fixed with a software patch, which Microsoft releases on the second Tuesday of each month except for the most serious threats. The flaw remains a proof of concept, with no one known to have actually launched an attack with it, Hypponen said.

In a posting on Microsoft's security-response Web journal, a senior security manager, Mike Reavey, said he remained confident "Windows Vista is our most secure platform to date."

Vista, the first major Windows upgrade since Windows XP launched in 2001, was made available on Nov. 30 to businesses that buy Windows licenses in bulk. Consumers generally won't be able to get Vista until Jan. 30.

In trying to improve security, Microsoft redesigned its flagship operating system to reduce users' exposure to destructive programs from the Internet. But most security researchers believe a complex product like Vista can never be error-free, so it was a matter of time for someone discovered a security vulnerability.

This story has been viewed 3053 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top