14 DAY TRIAL // Microsoft's latest operating system Windows Vista is marketed as the most secure Windows platform to date. And yet Vista's security backbone is frail and shaking. The latest vulnerabilities highlighted by the Redmond Company come to prove that Windows Vista will continue the tradition of Windows XP, as the main item of prey for the threat environment. And in this context, Vista delivers an increasingly prolific repertoire of security vulnerabilities.
On June 7 2007, Microsoft has published the monthly Security Bulletin Advance Notification for the security updates scheduled for release, next week, June 12, 2007. Windows Vista is impacted by a total of three vulnerabilities; however, only one flaw actually affects the operating system. According to Microsoft, there is a single moderate level security hole in both 32-bit and 64-bit editions of Windows Vista.
But components of the operating system are less fortunate. Windows Mail and Internet Explorer 7 both feature security vulnerabilities rated as Critical by Microsoft. The desktop email client and the browser are not only fertile sources of flaws but also among the most targeted vectors of attack. Via Windows Mail and IE7 attackers can go around the security measures and mitigations set in place to protect Windows Vista and exploit alternative holes. For Microsoft, a Critical level of severity is equivalent with remote code execution and full ownership of the operating system.
The information associated with the flaws is not detailed in order to prevent reverse engineering of the vulnerabilities before updates are available. Still, no independent sources have revealed the existence of the flaws which indicate the fact that the vulnerabilities were privately reported to Microsoft and are not even the subject of targeted and limited attacks.
With Microsoft's most secure operating system already passed the 40 million sold licenses worldwide since the January 30 2007 launch, and with an installed base larger than that of any competitor, it is clear that the abundance of attacks targeting Windows XP will begin to shift focus to Vista.