Hidden Rootkit/DOS-launching flaw discovered in Vista

24 November 2008

A potentially serious flaw has been discovered in Windows Vista that can allow rootkits to be hidden or denial-of-service attacks to be executed from deep within the operating system.

The kernel vulnerability was discovered by Thomas Unterleitner of Phion, an Austrian security firm, who claims to have told Microsoft about the flaw in October, but has since been told the problem will only be fixed in the next Vista security pack.

According to Phion, the flaw lies in Vista's network I/O subsystem - specifically, requests sent to the iphlpapi.dll application program interface can trigger a buffer overflow that corrupts Vista's kernel memory, resulting in a system crash.

The problem, says Phion, is that the buffer overflow can also be exploited to inject program code, compromising client security, or, under certain conditions, to turn off the host computer in a denial-of-service attack.

Perhaps worse from a security perspective, because the flaw lies in the Netio.sys component of Windows Vista, Phion says it may also be possible to hide rootkits.

Using a sample program, Unterleitner and his team have concluded that the 32- and 64-bit Windows Vista Enterprise and Ultimate editions are affected by the security flaw, and that other versions of Vista are "very likely" to be affected.

This article is featured in:
Internet and Network Security

 
