NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Microsoft

Microsoft


Vista Opened to Local Privilege Escalation

Microsoft is aware of the issue

By Marius Oiaga, Technology News Editor

28th of February 2007, 09:15 GMT

Adjust text size:


Issues related to privilege escalations in Windows Vista are nothing new. In fact, Microsoft is well aware of the limitations of the User Account Control. The fact of the matter is that Microsoft does
not implement security boundaries with the UAC, and as such, there is a range of potential attacks that will speculate this issue.

In Windows Vista the two main avenues of attacks for privilege escalation are the lack of security boundaries and the legacy Windows Control Panel plug-ins with full administrative privileges. Microsoft has downplayed the relevance of these issues referring to them as implementation bugs, and dismissing the perspective of security vulnerabilities.

The privilege escalation vulnerability reported by eEye Digital Security to Microsoft on January 19, 2006 falls under this category. "A main security feature added to Vista is that regular users have a lower level of privileges", explained Marc Maiffret, co-founder and chief hacking officer of eEye Digital Security told InformationWeek. "They have fewer privileges in Vista than they did in Windows XP. When regular users are running the operating system, they have regular user-level access, but with this vulnerability, you can elevate yourself to system-level access. Any normal user can do anything they want to the system."

According to eEye Digital Security, the vulnerability does not allow for remote code execution, and therefore the level of customer exposure is low. In this regard, the privilege escalation vulnerability has received only a medium severity rating. "If it was coupled with a virus or a different remote vulnerability, it would be a lot more serious," Maiffret added for InformationWeek. "Viruses are very prevalent and there are plenty of other vulnerabilities you can couple it with. In a real world context, it's high because there are a lot of other things you can couple it with to make it pretty nasty. On its own, though, it's only medium."
Read by 815 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Good (3.5/5) 8 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News
| Yesterday's News | News Archive


MORE RELATED ARTICLES:


Windows Vista Express Upgrades Live Next Week

Vista Windows.old

Microsoft Will Kill Window Vista Ultimate Early

Windows Vista Lives in Full Only with 4 GB RAM

Will Apple's Leopard Bite Into Windows Vista?

The True Limitations of Windows Vista Virtualization

Is Microsoft Sending the Right Signals for XP Users with Vista?

Microsoft Patches Critical Vulnerability In Windows Vista

Vista vs. XP - Feature Comparison

Windows Vista System Restore

Windows Vista Support Lifecycle

Why Won't Microsoft Declare Windows XP Expired?

KMS Crack for Vista Home Basic and Home Premium

Windows Ultimate Extra DreamScene Available

Download High Resolution Windows Vista Desktop Wallpaper Pack

Windows Vista Compatibility List Available

Windows Vista Search Kills Google Search

XP Kicks Vista Retail Ass

Windows Vista Causes Confusion Between "Secure" and "Security"

Windows Vista Kills Networks

Get Free Windows Vista RC1

Windows Vista OEM Activation Crack via BIOS Patch

Automatic KMS Activation Crack for Windows Vista

Dell, HP, and Sony OEM Certificates Used in Windows Vista Activation Crack

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM