Vista buffer Overflow major security vulnerabilities

Windows Vista is a version of Microsoft's Windows operating system. Microsoft initially officially announced the name on July 22, 2005, before operating system development code Longhorn. The internal version of Windows Vista is 6.0 (that is, Windows NT 6.0) and the official build is 6.0.6000. On November 8, 2006, Windows Vista was developed and officially entered mass production. The next two months are available only to MSDN users, computer hardware and software manufacturers, and corporate customers. On January 30, 2007, Windows Vista was officially sold to ordinary users and could also be downloaded from Microsoft's website. Windows Vista has been in the previous version of Windows XP for more than five years, which is the oldest time in Windows version history.

Windows Vista contains hundreds of new features, notably the new version of the graphical user interface and the new interface style called "Windows Aero", the Enhanced Search feature (Windows indexing Service), New multimedia authoring tools, such as Windows DVD Maker, and redesigned network, audio, output (print), and display subsystems. Vista also uses point-to-point technology (PEER-TO-PEER) to enhance the ability of computer systems to communicate in a home network, making it easier to share files and multimedia content between different computers or devices.

Austrian security firm Phion said in a statement that its researchers had recently uncovered another security vulnerability in Vista that could allow an attacker to cause a buffer overflow and run unauthorized code on a PC using a vulnerability in Device IO control.

The problem exists in Device IO control, which is used to handle internal device communications, and researchers at the Phion Institute found two ways to cause a buffer overflow that could disrupt kernel storage of the operating system.

Phion's endpoint security software director, Thomas Unterleitner, says that in general, only a certain amount of access will allow a hacker to exploit a related vulnerability to attack the system, but the vulnerability is the one that allows hackers to trigger a buffer overflow without any administrative privileges. Unterleitner added that it allows hackers to install a very small malware rootkit, the current computer is difficult to detect rootkit, the removal of the more laborious.

Phion already notified Microsoft of the problem on October 22, and Microsoft replied phion that it would issue a patch software in Vista's next service pack to fix the problem, and that Microsoft had just released a beta version of Vista SP2 last month and that the official version would not be released until next June.

Unterleitner says many people are interested in the loophole: "We have received requests from many parts of the world to provide detailed information about the vulnerability." ”

Microsoft officials have not commented on the issue at the moment.