Since this buffer overflow overwrites kernel memory, it could be possible that members of the Network Configuration Operator group exploit this and take control over the operating system without any restriction. This buffer overflow could be exploited to inject code, hence compromising client security.It's a new vulnerability, meaning it is not reproducible on Windows XP. Microsoft was informed of this vulnerability on Oct. 22nd.
According to Unterleitner,
"We have worked together with Microsoft Security Response Center in Redmond since October 2008 to locate, classify and fix this bug. Microsoft will ship a fix for this exploit with the next Vista service pack."Yep, no fix until Vista SP2. Microsoft confirmed this issue to ZDNet UK, and that it would be fixed in SP2, but would (quite naturally) not confirm a Windows Vista SP2 release date.
They did confirm they have been investigating the flaw.
P/S: http://news.zdnet.co.uk/security/0,1000000189,39559185,00.htm
0 comments:
Post a Comment