On Saturday Microsoft posted a security advisory concerning a new exploit which could allow a zero-day attack to take place on Windows-based computer systems. For the vulnerability to be exploited, a user must either access a specific website or be reached through email. Microsoft has recommended some courses of action for consumers to take while a patch for the flaw is being prepared. TechNet article here.
Though the exploit concerns Windows XP and Server software, what is surprising is that Microsoft’s new flagship software Vista is also at risk. This just goes to prove what I and others have commented on in the past, that Vista may not be as secure as Microsoft would have us believe. If you recall, I posted an article on one Microsoft exec. stating that Microsoft likes having pirates attacking Windows. Maybe they also like having their software exploited as well. 🙂
On their website Microsoft describes the attack as:
“Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.”
So what do you think? Will Vista become a sieve for exploits and flaws, or will Vista be the security champ Microsoft was hoping for?
Update: Microsoft will be issuing a patch for the exploit this week.
Comments welcome.