The Inquirer-Home
Comments
Win 2008 too?

Don't forget that Windows Server 2008 is basically Vista so the concern might be less for the PCs and more for the corporate servers that might be exposed...

posted by : D Wilson, 25 November 2008
To those that think admin rights...

Ok as the article mentions you need admin rights but if you read much closer you will see the part that says "since Vista trains its users to click on "OK" to all sorts of security warnings." This means that since Vista pops up with warnings for everything and anything so most users (about 60% to 70%) will just click ok on whatever prompt pops up, get it.

Imagine even the uber gamers in the middle of a game get an overlay pop screen above their game asking them to allow some obscure warning do you think if you're about to pwn someone that you're gonna sit there and read the boringnese pop up crap .... nope, click ok and it goes away, then BSOD and worm, keylogger, malware makes its way into the system. Now is that clear and easy to understand.

I've done computer security for years now and it still amazes me how so many people trust "windows lockdowns" as secure, bahahaha be serious please my spleen is about to burst.


posted by : db, 25 November 2008
As usual : well duh !

I don't think anyone actually expected Vista to be any more secure than its predecessors. When you have made yourself a solid, multi-decade long reputation spanning every single product release, reputation for security holes larger than the Milky Way galaxy itself, touting a new release based on "brand new" (yeah, right) code, all you do is give the start signal to a pack of hackers to go hunting.
And, irony of all ironies, the first bug found is a . . buffer overflow. The concept of buffer overflow is as old as computing, and here, for the latest release of shiny bloatware, MS has managed to do it again.
As usual.
Uh, Monkey Boy, next time maybe you could spend less money developing "features" nobody wants (aka embedded DRM) and use the money to tighten up the core features of what any sane individual would call an Operating System (you know, stability, resilience, . . oh wait, no, you don't know).

posted by : Pascal Monett, 25 November 2008
macintosh

ah - how refreshing it is to see a mac fanboi with a lollypop in the mouth?! 
let's compare statistics of how many vulnerability occurrences between mac & vista.
linux: let's count it out, as it is not even an operating system, but a jumble of megalomaniacs.
speaking of monopoly: how about macintosh introducing DRM & how about google packaging chrome along with operating systems with hardware manufacturers?
vista works. for over a million users just like me. i am a pc, NOT a fanboi. if there is a better system than vista, i will be the 1st one to get it. 
cheers.

posted by : egan orion, 25 November 2008
LOL

Loving your work, InQ...

On one hand - "OMG EXPLOIT EXPLOIT EXPLOIT! Vista is rubbish, what kind of secure OS is this?!"

on the other - "administrator privileges are required to execute a program that calls the function containing the flaw"

you know, when we get these "OSX (or LINUX) has an exploit!" certain people are very quick to point out that it requires user intervention, and the likes of sudo, or user rights elevation are required makes the exploit totally worthless. Guess what, the same's true here.

yes, this could present itself as a trojan, but then so could any number of other exploits on any number of other non-microsoft operating systems.

posted by : jrb, 25 November 2008
Vista security vulnerability

I suspect that this vulnerability does not exist in the XP or 2000 family of products. MS licensed the TCP/IP stack from the BSD Unix group for that family of products.

With Windows 6 family (Vista, Server 2008, etc) MS decided to "embrace and extend" that TCP/IP stack to allow for larger packets and frame buffering.

Should be interesting to see how difficult this will be to implement without breaking other things.

my .02

posted by : john, 25 November 2008
Yup

Another reason I use a Mac.

posted by : Regulas, 24 November 2008
Fly on the Wall

Security Experts: Look guys, this is a major flaw that could be used to take down systems using your OS. 
Microsoft: But, it might take some time to actually fix this, and we'd have to investigate the issue, which seems like a lot of work for us.
Security Experts: Investigate the issue? We're showing you right here exactly what the problem is. All you have to do is, you know, fix it.
Microsoft: Well, we could do that, but is anyone making use of this exploit?
Security Experts: Well, we don't have any documented cases, but that doesn't mean people aren't exploiting it. Besides, the fact that the flaw exists should be enough to prompt you to fix it, regardless of whether it is being actively exploited or not.
Microsoft: Yeah, but it'll cost us a little money to fix, and if nobody's exploiting it...
Security Experts: Face-palm

posted by : Phoenix, 24 November 2008
good news

thank god mohave is perfect and unflawed
i know taking apple computers as winblows experts maybe another billion in advertising will fix the problem
mm lets see XP works after a decade??? of fixing and the um tweaking community h@cking it down and pretty stable supports most of the hardware made. why would i downgrade to vista

posted by : spidermonkey, 24 November 2008
just checking

Correct me if I'm wrong, but you have to be administrator to run this exploit successfully? Does that really count?

posted by : Bounty, 24 November 2008
Wtf?!

"An Administrator can crash the system" is not a security flaw. Administrators can reboot the system, format the hard drive, or install drivers. So how is this a vulnerability?

posted by : David Schwartz, 24 November 2008
vulnerable!?!?!

What kind of joke was it when Microsoft announced that Vista has very good security? Now many network security workers around the world have discovered many vulnerabilities in this operating system, which we paid hundreds of dollars for, this piece of crap. They used us to get money out of our pockets and did not focus on quality, only on advertising for Vista. What is their mind on? Ah, of course! Money!!!!!!!!

posted by : Duskywolf, 24 November 2008
Service pack

"..next, as-yet unannounced, service pack."

What are you talking about? Windows 7 is due in Q1 2010.

posted by : MLx, 24 November 2008

Vista kernel is vulnerable
