Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Window Vista Not So Impregnable – Softpedia

Microsoft's most applauded and presumably the most secure platform for Windows, Windows Vista is not so impregnable now. Just an animated cursor can do the trick, Softpedia published on 30 March 2007.

Inadequate format validation, prior to the rendering of cursors, icons and animated cursors is at the core of the zero day vulnerability.

The software giant was quoted to have sold 20 million copies of Windows Vista in early reports. A number that's much faster if compared to Windows XP's sales in its 1st month. Streetinsider published this on 27 March 2007.

Symantec notified that if the vulnerability was exploited successfully by any chance, the scammer could perform remote execution of arbitrary code on the machine of the victim. Such an attack would include two vectors, the first one being Internet browser while another desktop e-mail client.

Microsoft has sent out warnings that it's aware of the targeted and limited attacks that are impacting a vital hole in the animated cursor handling of MS Windows. The Security Advisory of Microsoft has said that to carry out this attack the user has to either visit a website containing a web page used for exploiting the vulnerability or for viewing a specifically designed message or attachment sent to the user from a hacker.

However, in spite of these mitigations, Vista is still susceptible to attacks. In a video that's embedded on the website of Softpedia, one can easily view Craig Schmugar - McAfee's virus research manager, sending Vista in to an infinite loop of "crash restart". And, he does this by just dragging a distorted .ani file to the desktop of the OS.

The vulnerability is present on almost the whole line of Windows OSes, comprising Vista. Windows users who browse malicious websites using Internet Explorer version 6 or 7 put their machines at high risk of running arbitrary code, as per McAfee.

Related article: Wendy’s Name Used to Steal Private Detail From Users

» SPAMfighter News - 07-04-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page