Thread: Vista is a secure OS... YEAH RIGHT~~!
View Single Post
  #6 (permalink)  
Old 04-03-2007
Kerry Brown
 

Posts: n/a
Re: Vista is a secure OS... YEAH RIGHT~~!
Was the system compromised? Was the user account even compromised? Yes it
caused a crash but was it able to use this to exploit the system?

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"jim kirk" <11@11.11> wrote in message
news:O80LobZdHHA.2316@TK2MSFTNGP04.phx.gbl...
> As I have predicted vista will be the biggest target ever
> for all kinds of attacks. It will be brought down to its knees
> by the hackers. Why? Well because MS boasted about it being secure... and
> everyone knows that this is a lie.
> Now all the hackers have to do is play! Although I wish no harm to
> anyone... vista needs a good smack-down to show
> the world what a piece of crap it really is. MS has the NERVE to CLAIM
> that vista is more secure than linux or Macs...
> ohhh their asking for it BIG TIME!
>
> see a video here of the .ani attack (this effects all versions of windows,
> but I thought vista was secure.. what the heck is UAC doing? sleeping? )
>
> http://www.youtube.com/watch?v=hf0S0Vk7j6I
>
> see article here:
>
> March 30, 2007
> Follow-up: Vista vulnerable to animated cursor flaw
> On Thursday, I posted an item about a flaw in Internet Explorer 6 and 7
> related to the way those browsers in Windows XP Service Pack 2 handle
> animated cursors. At the time, the word was that it would not affect IE7
> on Windows Vista because of that browser's Protected Mode, which isolates
> it from the operating system.
>
> However, apparently IE need not be involved at all. Just the way Windows
> handles animated cursors leaves the operating system vulnerable. Drag a
> malicious animated cursor file (.ani) to the Vista desktop and . . .
>
> Well, see for yourself, courtesy of this video by McAfee's Craig Schmugar:
>
> Yes, what you're watching is an endless loop of Windows Explorer crashing
> and restarting, over and over. In its security bulletin on the flaw,
> Microsoft mentions that one way to spread this would be via e-mail.
> Indeed, an e-mail attachment saved to the desktop would be just the thing
> to kick off this crash-restore cycle.
>
> It will be interesting to see how fast Microsoft patches this
> vulnerability.
>
> Update: Security firm eEye has issued a third-party patch for the flaw.
> Use it at your own risk.
>
> Update 2.0: Microsoft -- Attacks on Windows Flaw Rise
>

Reply With Quote