Determina has identified a total of five vulnerabilities in Microsoft's products

Dec 27, 2006 08:06 GMT

Microsoft is no stranger to vulnerabilities, not by a long way. And the fact that Windows Vista will not debut for the general public with an immaculate record goes to show that Microsoft cannot escape a tradition of vulnerabilities. Although the Redmond company has labored extensively to make the platform synonymous with a secure environment, with a little over one month to the official launch of the operating system, there are numerous vulnerability reports associated with Vista.

Redwood City, California-based security company Determina has identified a total of five vulnerabilities in Microsoft's products, over the period beginning on December 15, 2006. The five security flaws detected by Determina come on top of the less critical Client Server Run-Time Subsystem vulnerability, for which a Russian hacker has already published proof-of-concept code and which impacts the Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems.

According to executives from Determina, the security company has also discovered the first critical vulnerability in Internet Explorer 7. "Web users could potentially become infected simply by visiting a site designed to exploit the flaw," said Alexander Sotirov, senior security researcher at Determina. "It allows any website you visit to gain control of your browser, execute code on your system and take control." Via this vulnerability, malware can be injected into Vista while users browse a malicious website. Determina gave few additional details on the other vulnerabilities, but as soon as such details are made available you will be able to read about them right here on Softpedia.

As yet, Microsoft has commented only on the Client Server Run-Time Subsystem vulnerability, stating that it has not detected even limited exploit attempts and that a security patch is in the works.

"I don't think people should become complacent," said Nand Mulchandani, a vice president at Determina. "When vendors say a program has been completely rewritten, it doesn't mean that it's more secure from the get-go. My expectation is we will see a whole rash of Vista bugs show up in six months or a year."

Additionally, there is the case of the Windows Vista zero-day vulnerability that is being auctioned for $50,000, according to Raimund Genes, chief technology officer for security firm Trend Micro.

"A lot of businesses are not prepared for Vista because of the hardware that's needed. So, businesses may be slow to upgrade," said Dave Marcus, security research and communications manager for McAfee. "If you buy a zero-day exploit, you want it to work on a widely deployed piece of software."