Vista Security Takes a Hit

Has Microsoft’s new operating system, Vista
hit an iceberg? Security experts believe a recent crop of vulnerabilities ends
claims the successor to Windows is unsinkable.

After saying it would investigate proof-of-concept code released in Russia, Microsoft was hit by four more security vulnerabilities, including one involving Internet

“Currently, we have not observed any public exploitation or attack activity regarding this issue,” Michael Reavey, operations manager of the Microsoft Security Response Center, wrote in a blog entry regarding the Russian code.

Determina announced it has alerted Microsoft to four zero-day vulnerabilities it found in Vista.

In one instance, a malicious Web page or e-mail could result in hackers launching remote commands. Another flaw could elevate an attacker’s privileges while two other unpatched problems target Vista’s kernel causing a system to shut down.

Although Microsoft said it was investigating the security hole, the software giant’s confidence in Vista remained unshaken. “I still have every confidence that Windows Vista is our most secure platform to date,” Reavey wrote.

Hackers are lining up to deflate Microsoft’s claim that Vista is the most
secure operating system Redmond has produced. And some experts say that in terms
of security, Vista and its predecessor XP are almost mirror images.

“There is little difference in effective security between XP and Vista,” Ross Brown, CEO of Eeye Digital Security, told The charge comes amid a raft of alerts from security vendors that have found vulnerabilities in Vista.

To meet its high sales expectations, Brown said Microsoft needs to find a new reason for consumers to switch to Vista now that its security has been deflated. “Vista is missing a compelling reason [to buy or upgrade to it].”

In November, Microsoft announced the shipment of Vista for volume licensees to corporate customers and other large organizations, and set Jan. 30, 2007, as the date the new OS will be available to consumers in a packaged retail version.

News Around the Web