Microsoft Vista vulnerability discovered

By

Two vulnerabilities have been uncovered in Microsoft Windows Vista and Internet Explorer 7 (IE7).

Microsoft Vista vulnerability discovered
Both weaknesses, discovered by security researchers at the French Security Incident Response Team (FrSirt), are rated as low risk, but are likely to cause embarrassment to the software giant as they affect the latest versions of its operating system software and web browser.

The bug detected in Vista is due to a problem with a component that does not validate user permissions correctly, which could be exploited by an attacker to steal personal data from the user’s computer, according to an advisory on FrSirt’s website.

The error affects Windows Vista, XP, 2000 and Windows Server 2003.

Microsoft touted Vista as its most secure platform to date and implemented a plethora of new security features, including IE7 protected mode and phishing filter, user account control, improved firewall, parental control and Windows defender.

The IE7 flaw could be exploited by malicious websites to create spoofs and launch phishing attacks, the alert said. This is caused by an error in the browser when handling some “onunload” events, which could be used by hackers to mimic the displayed address bar and trick the user into visiting a malicious web page, the security company claim. The remotely exploitable vulnerability also affects IE6.

Microsoft has yet to release any patches for the weaknesses and did not respond to a request for comment.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Log In

  |  Forgot your password?