Two Exploits Fail, Vista Runs Strong
Microsoft Windows Vista operating system was found with some dangerous vulnerability this month but the operating system continued to run strong, a security analyst said at the InfoSecurity Europe conference in London.
Attackers targeted Vista with at least two exploits that tried to leave behind security feature defeated, said Mikko Hypponen, chief research officer for F-Secure. PCadvisor published this in news on April 25, 2007. The new security solutions were designed to spoil attacks by malicious software.
Earlier Microsoft had developed an out-of-cycle patch for Windows vulnerability in how it handled .ani or animated cursor files. Animated cursors are image loops that take the place of the standard pointer on Windows OS. The .ani flaw is particularly dangerous because in its presence just viewing the malicious website could infect the system.
Microsoft had admitted the animated cursor flaw in Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, according to the company. Although there seems to be little evidence that the vulnerability is being exploited in real-world attacks, but Microsoft listed the series of possible mediums of attack. Microsoft released a complete 'Patch Tuesday' in April first week this year. Virusbtn published this in news in April first week.
While viewing a web page, or reading a specially constructed message or opening an attachment that is specially crafted, an attacker could run a code in the affected system. An animated cursor indicating a file by the .ani file type does not constrain a successful attack, Microsoft said in its security advisory. Itnewsonline published this in news, end week of March 2007.
The twin exploits attempted to exploit the vulnerability by touching on vista's Address Space Load Randomization (ASLR) feature. This security feature is different every time the computer logs on because the operating system's memory map appears differently, Hypponen explained. Since certain malicious software can function only in specific parts of the computer's memory, ASLR can baffle them.
Despite being placed into the OS's memory, the exploits failed to run and barely caused crash down of the computer, Hypponen said. PCworld published this on April 25, 2007.
Related article: THE SPAM MAFIA
» SPAMfighter News - 02-05-2007