You are here

New Windows Vista Security Hole

The Dvorak Uncensored blog points the way to a story about a vulnerability discussed at Black Hat. It appears that through the use of low-level, web-browsing related technologies control can be seized of Windows Vista computers notwithstanding new security protocols found in Vista. The aspect that is even more disturbing is how the vulnerability is not limited to Windows Vista alone but could be utilized against other platforms.

For libraries with public-access computing that can access the Internet, this may force some thinking about potential vulnerabilities.


Quite apart from the bushel of salt you need when reading anything by Dvorak, you might want to read this Ars Technica piece about the reality of this particular "threat."

Note that the major Big Deal here is that Vista's improved resistance to such attacks, as compared to XP, might be reduced--certainly not that it's more attack-prone. So, unless you've been fretting for years about the vulnerabilities of XP (or W2000, the predecessor to XP), every C++ program, every JavaScript program, Linux, and indeed everything that's not in pure Java or .NET--well, then, you should consider how much time you'll spend on the possibility that Vista isn't quite as much more secure as it might be. Those potential vulnerabilities have been there as long as there have been OSes and languages with buffers.