Tweet
John Markoff | the New York Times
Posted December 25, 2006
ADVERTISEMENTS
» Search Jobs
» Post your resume
» Post a job
SAN FRANCISCO -- Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer-security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers last month.
On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user's privileges on all of the company's recent operating systems, including Vista.
And during the weekend, a Silicon Valley computer-security firm said it had notified Microsoft that it had also found that flaw, as well as five other errors. One of those errors, a serious one, is in the software code underlying the company's new Internet Explorer 7 browser.
The browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software simply by visiting a booby-trapped site.
That would make it possible for an attacker to inject rogue software into the Vista-based computer, according to executives at Determina, a company based in Redwood City, Calif., that sells software intended to protect against operating-system and other vulnerabilities.
Meanwhile, a Microsoft executive Friday posted a comment on a company security-information Web site, saying the company was "closely monitoring" the vulnerability described by the Russian Web site.
The vulnerability permits the privileges of a standard user account in Vista and other versions of Windows to be increased, permitting control of all of the operations of the computer. In Unix and modern Windows systems, users are restricted in the functions they can perform, and complete power is restricted to certain administrative accounts.
"Currently we have not observed any public exploitation or attack activity regarding this issue," wrote Mike Reavey, operations manager of the Microsoft Security Response Center.
Posted December 25, 2006
ADVERTISEMENTS
» Search Jobs
» Post your resume
» Post a job
SAN FRANCISCO -- Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer-security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers last month.
On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user's privileges on all of the company's recent operating systems, including Vista.
And during the weekend, a Silicon Valley computer-security firm said it had notified Microsoft that it had also found that flaw, as well as five other errors. One of those errors, a serious one, is in the software code underlying the company's new Internet Explorer 7 browser.
The browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software simply by visiting a booby-trapped site.
That would make it possible for an attacker to inject rogue software into the Vista-based computer, according to executives at Determina, a company based in Redwood City, Calif., that sells software intended to protect against operating-system and other vulnerabilities.
Meanwhile, a Microsoft executive Friday posted a comment on a company security-information Web site, saying the company was "closely monitoring" the vulnerability described by the Russian Web site.
The vulnerability permits the privileges of a standard user account in Vista and other versions of Windows to be increased, permitting control of all of the operations of the computer. In Unix and modern Windows systems, users are restricted in the functions they can perform, and complete power is restricted to certain administrative accounts.
"Currently we have not observed any public exploitation or attack activity regarding this issue," wrote Mike Reavey, operations manager of the Microsoft Security Response Center.
Comment