07 Aug 2006
A security researcher at the Black Hat security conference has demonstrated several ways to circumvent security features that are built into Microsoft's forthcoming Windows Vista operating system.
According to media reports, researcher Joanna Rutkowska with Coseinc demonstrated two ways to attack a Windows Vista system during a session at the conference. The exposed flaws would potentially allow an attacker to execute arbitrary code.
Windows Vista requires that all device drivers are 'signed' to prevent malicious code from posing as a legitimate driver. The researcher however demonstrated a way to load unsigned drivers.
In the second case, the researcher used the virtualisation technology in a system's AMD processor to inject code into the Vista kernel. The technology would allow an attacker to create a new hypervisor that could control the operating system. It would remain undetected by the user and would be at the attacker's disposal.
Although she only demonstrated the attack on an AMD processor, Rutkowska said that it would also work on PCs running Intel chips.
Both attacks relied on documented features in Windows Vista and should not be considered bugs, she added.
"The fact that this mechanism was bypassed doesn't mean Vista is insecure. It just means it's just not as secure as advertised," said Rutkowska, according to Internet News.
Earlier at the annual Las Vegas security event, Microsoft had challenged hackers to test the operating system's security features. It has distributed copies of the software's latest beta to about 3,000 security researchers.
Rutkowska is not the first security researcher to hack into a Windows Vista system, but is the first to do so in a live demonstration at a public event.
As reported last week, security vendor Symantec has demonstrated several ways to circumvent the operating system's user account protections. Although Microsoft has since repaired the bugs Symantec had identified, it illustrates that the software still has weaknesses and that additional bugs are likely in the future.
Vista still insecure
I just read about an hour ago that there are still major security flaws in the final release of Windows Vista. I am a bit surprised that Microsoft is still not serious about getting its act together. I mean Linux is secure, can't they learn from the secure nature of Linux and produce a system that offers better security? I suspect that they are only interested in getting money from producing newer versions of their systems and selling without caring about how it affects their customers. Well, they are going to pay dearly this time around. We are sick and tired of their complacency. It is enough.
Posted by: Dazanix 27 Dec 2006
more about Windows Vista
I think it's very good, but I would like to say that Windows Vista has already been installed on the following PC: Intel P-III at 550 MHz with 256 of RAM, 512 cache and 133 of buffer (it's one of the really old SLOT I boards) with 32 AGP video, and how it runs!!! It has no 64 restrictions, only a hardware check, but it seems they forgot something; anyway, just by skipping that restriction you can install it on a PC like the one I described or any other (I recommend you make sure you have good video because it uses quite a lot). Try it. PS: I'm not a hacker, just curious about technology. Regards.
I would like to say that WV was just installed on a PC: Intel P-III at 550 MHz with 256 RAM, 512 cache and 133 buffer (it's a SLOT I, a really old board) with 32 AGP video, and how it runs!!! It doesn't have the 64 restriction, only a hardware check, but they forgot something. I hope now that you can install it by just jumping that restriction on a PC like the one I described (I recommend a really good video card); try it, if you prefer. PS: I'm not a hacker, just a fan of technology. I don't speak English.
Posted by: ATLON 24 Sep 2006
Good news
This is actually good news. This is exactly what Microsoft wanted to happen - smart people, investigating their software and looking for holes. This is beta software, it's still in process of being written. Microsoft has publicly handed it out with the sole purpose that it be hacked and hacked publicly. Anyone who complains about this suffers extreme ignorance.
Posted by: Ben 08 Aug 2006
This was an official hack
Vista will be the grave for MS because once it is out it will be bombarded with hacks. You don't believe it? Well just wait.
Posted by: Mzungu 08 Aug 2006
Smart asses.
You first had to click accept to run the hack of Ms Rutkowska. Not what I call arbitrary code.
Posted by: alli 07 Aug 2006
LOL
Destroyed by a guuurrrl! Go home Microshit; ur time is way past due.
Posted by: Jarod 07 Aug 2006