Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Hidden Rootkit/DOS-launching flaw discovered in Vista

The kernel vulnerability was discovered by Thomas Unterleitner of Phion, an Austrian security firm, who claims to have told Microsoft about the flaw in October, but has since been told the problem will only be fixed in the next Vista security pack.

According to Phion, the flaw lies in Vista's network I/O subsystem - specifically, requests sent to the iphlpapi.dll application program interface can trigger a buffer overflow that corrupts Vista's kernel memory, resulting in a system crash.

The problem, says Phion, is that the buffer overflow can also be exploited to inject program code, so compromising client security or, under certain conditions, could be used to turn off the host computer using a denial-of-service attack.

Perhaps worse from a security perspective, because the flaw lies in the Netio.sys component of Windows Vista, Phion says it may also be possible to hide rootkits.

Using a sample program, Unterleitner and his team have concluded that the 32- and 64-it Windows Vista Enterprise and Ultimate editions are affected by the security flaw, and that other versions of Vista are "very likely" to be affected.

What’s Hot on Infosecurity Magazine?