Visa Security Flaws Prior to Consumer Release

The New Acunetix V12 Engine


Now Vista is actually out we haven’t heard much about it, before it’s commercial release however there was a lot of flaws released and discussion about the (in)security of the OS. The architecture does seem a lot better..

But still it’s from Microsoft, how long until we get a remote root exploit giving the highest level of access. They even tried to lock security vendors out from the Kernel for a while.

One full month before Microsoft Windows Vista ships to consumers, hackers and security experts have already discovered six serious flaws in the operating system. Vista was made available to business customers one month ago. Since then, the experts have been throwing everything they can come up with at this build of Vista hoping to discover possible vulnerabilities before the general public starts running the OS on their home machines.

There were some others too, unsurprisingly a lot were based around Internet Exploder 7.

Here are some of the flaws, paraphrased from the NYT story:

  • Determina discovered a bug in Internet Explorer 7 that allows malware to be surreptitiously installed on a user’s computer if he visits a “booby-trapped site” while browsing the web.
  • Determina also discovered a way to disable a network’s Microsoft Exchange server by sending an infected email.
  • An unnamed Russian programmer discovered a way to hack his user permissions on all Windows systems on a corporate network using a Vista exploit. This is particularly dangerous, since a hacker could use his increased privileges to circumvent IE7’s built-in sandbox controls.
  • Tokyo-based company Trend Micro has discovered a hacker on a Japanese message board offering to sell information about a Vista security flaw for $50,000.

From what I’ve seen around…there are serious exploits for Vista and IE7 for sale if you know where to look.

Source: Wired Blog

Posted in: Exploits/Vulnerabilities, Windows Hacking

, , , , , ,


Latest Posts:


Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.


One Response to Visa Security Flaws Prior to Consumer Release

  1. SN July 2, 2007 at 3:00 pm #

    The MS at it again. I went a MS conference last year in NYC and one of the chief security architects when asked about the holes in XP, to the humor of the audience, said that it was job security to have holes. This was a joke.

    -SN