Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft / Patches and Vulnerabilities

Patches and Vulnerabilities

Vista Still Breathing as XP Chokes on Latest Vulnerability

Confirms Symantec

By Marius Oiaga, Technology News Editor

7th of November 2007, 14:57 GMT

Adjust text size:


Windows Vista Editions
Enlarge picture
Windows Vista is still breathing as Windows XP is now choking on the latest vulnerability to hit Microsoft's platform. The Redmond company issued a security advisory detailing a flaw residing in the Macrovision SECDRV.SYS driver that ships by default with both Windows XP and Windows Server 2003. Vista was not nominated along with the two operating systems impacted by the vulnerability and security company Symantec backed Microsoft's position revealing that the Redmond company's latest operating system
is indeed immune to exploits targeting the flaw.

"The original exploit was found in the wild and actively used against Windows-based
computers to gain SYSTEM privileges and install additional malware or bypass other restrictions. It wasn't just proof-of-concept code, but a malicious exploit used in real (but limited) attacks. Vista is not affected. Only SECDRV versions shipped with Windows XP and 2003 are. Instead the version shipped with Vista is a completely different driver, reworked and not vulnerable to this attack. We have tested versions of SECDRV.SYS taken from different systems," revealed Elia Florio, Symantec Security Response Engineer.

Florio confirmed that only the versions of the driver that shipped with Windows XP and Windows Server 2003 contain the security hole, for which Macrovision is already offering a remedy. So far, Microsoft has not given any specific indication pointing to a possible inclusion of the patch issued with the next batch of security bulletins scheduled for next week. Symantec warned that - despite the fact that the vulnerability is only locally exploitable - attacks could leverage alternative avenues in order to successfully allow for remote code execution.

"The exploit can overwrite memory locations in the kernel, so the attacker can execute code in ring-0. This means that bad guys can bypass security restrictions, gain additional privileges, disable security protections, install a rootkit etc", Florio added. "All users should keep in mind that, in a multi-layered defense perspective, it is possible that malware dropped on the system via some other exploit, could potentially take advantage of the SECDRV bug to take further control of the computer and bypass other layers of protection."

TAGS:

 Windows Vista | Symantec | vulnerability | Windows XP | Windows Server 2003


Rating:
Good (3.1/5) 7 vote(s) so far    

Read by 1,621 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Microsoft Announces the Availability of Vista SP1, XP SP3 and Windows Home Server

Windows XP SP3 Beta Build 3205

Internet Explorer 7 Is an Open Door for Attacks

Vista Safe from Fresh XP Zero-Day

Happy Birthday Internet Explorer 7! Microsoft: Install IE7 Even on Pirated Windows(!)

Windows Pirates Failed to Crowd to Internet Explorer 7

Windows XP SP3 Beta Coming Up?

Evaluate System Center Configuration Manager 2007

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive