The Inquirer-Home

A fresh flaw is found in Windows

Twenty five years old, no wiser
Thu Nov 25 2010, 14:15

INSECURITY RESEARCHERS have found a zero-day exploit in Microsoft's Windows operating system that could let hackers take administrator control of computers.

The flaw was highlighted by the security firm Sophos, which said that it had appeared online at an 'education site'. Although this has since been removed it has apparently already been mirrored elsewhere.

Sophos explained in a blog post that unless fixed it would let an application gain system level privileges, and - in Windows Vista and Windows 7 - bypass User Account Control, which in the wrong hands could wreak havoc.

"The exploit takes advantage of a bug in win32k.sys, which is part of the Windows kernel", wrote Chester Wisniewski, a senior security advisor at Sophos. The flaw is related to the way in which a certain registry key is interpreted and it enables an attacker to impersonate the system account, which has "nearly unlimited access to all components of the Windows system".

Wisniewski explained that the flaw is present in a variety of Windows releases and stretches back to at least Windows XP. Although the flaw is not already primed for havoc, he added, "On its own, this bug does not allow remote code execution [...] but does enable non-administrator accounts to execute code as if they were an administrator."

Until the flaw is fixed properly, the security pro has suggested one way of mitigating it. However, he accepted that it is a complicated method.

Fortunately few systems should be open to attack, at least according to Wisniewski, who explained, "For this to be exploited, malicious code that uses the exploit needs to be introduced. This means your email, web, and anti-virus filters can prevent malicious payloads from being downloaded." µ

Comments
Linux

PCLinuxOS 2010 FTW!!! Faster and more responsive than Kubuntu and very easy to configure with Windows drivers through ndiswrapper, no more hassles! It lasts longer on my laptop using batteries than Windows 7, which is a resource hog (both run the same, Pentium M 2.0GHz and 2GB of RAM). But thanks to stupid Intel, abandoned the 915GM only 1 year after its release and I can't use Aero, PCLinuxOS effects run like a champ with OGL, eye candy!

posted by : evolucion8Linux, 28 November 2010
No News

Every Microsucks O/S has more security holes than Swiss cheese.

posted by : Billy Gates, 28 November 2010
re: "shell game" observation

Which begs the question; who the $F have their thousands of programmers been working for since 1999?

posted by : Lord Voldemort, 26 November 2010
@Mauller07: mistakenly smug.

"All Windows XP/Vista/7 both 32 and 64 bit are vulnerable to this attack."

http://www.prevx.com/blog/160/New-Windows-day-exploit-speaks-chinese.html

Now, ain't W7 a big step up from XP?

posted by : bigger_luddite, 26 November 2010
No, Fred, it's totally an M$ flaw.

M$ is by far the most successful creator of flaws; I think it fair to say that all others combined don't approach it. And this still in the supposedly revised Vista and W7 (actually just XP with another shell).

IF M$ were producing innovation, flaws could be overlooked. But after they tossed Longhorn and started over merely revising the XP base code, they're just repeating the Win9x "shell game" of selling different shells instead of new product.

Where the heck is WinFS, or anything else actually new? -- Turned out beyond M$'s ability, so all tossed down the memory hole, except in the minds of those who acquired immunity from the biggest virus of all, gigabytes in size: M$ OSs.

posted by : bigger_luddite, 25 November 2010
OH, MAN!

RATS MAN I TELL YOU WHAT, MY CRAPPY CORE 2 DUO DOES NOT RUN AT 64 BITS. ITS A RIGHT PIECE OF INTEL, IT IS.
SO I CANNA RUN ANY AMD64 BIT NUTHEN, HOLEY CHRIST!
I AM SITTING HERE HAVING A PANIC ATTACK. MY ARMS ARE VIBRATING!
AND NOW THINGS ARE GETTING DARK..

posted by : SHOUTER, 25 November 2010
64Bits

Win32K.sys you say...

Good thing I am on Win7 pro x64 then :)

posted by : Mauller07, 25 November 2010
OMG!

A bug in an operating system!

Thank goodness this never happens to other software and that no other operating systems ever require fixes and updates.

posted by : Fred, 25 November 2010