Board index » Windows Vista » Microsoft acknowledges Vista kernel elevation vulnerability

Windows Vista24
www.neowin.net/news/main/07/12/16/microsoft-acknowledges-vista-kernel-elevation-vulnerability



---



What was not supposed to happen in Windows Vista apparently has: Despite

a layer of protection that was supposed to prevent against processes

elevating their own privileges, Microsoft now says someone found a way

to do it.



A Microsoft security bulletin written earlier this week but publicized

this morning cites security software engineers SkyRecon Systems as

having discovered a way for processes in both 32- and 64-bit versions of

Windows Vista to elevate their own privilege to administrator level.

This discovery would likely be the latest in several months to thwart

the designs of PatchGuard, Microsoft's series of measures for innovating

the design of the operating system kernel in the interest of thwarting

the most common attacks that


-

Its sad that there are some people who work 24/7 specifically to make life

difficult for computer users. No matter what is created to protect us, some

jackass is going to try to break it.



--

Mike Hall - MVP

msmvps.com/blogs/mikehall/default.aspx" >msmvps.com/blogs/mikehall/default.aspx









"occam" <occam@razor.dot.com>wrote in message

-

Mike Hall - MVP wrote:

Ironically, Symantec made it public. A patch was released on Dec 11th so

calm down, Mike.



Alias

-

"Mike Hall - MVP" <mikehall@mvps.com>wrote in message



So you think the security software engineers at SkyRecon Systems are

jackasses?



ss.





-

"Mike Hall - MVP" <mikehall@mvps.com>wrote in message

Not everyone that does that wear black hats Mike. IIRC, some companies are

hired to do exactly what these people did. Identify the processes that are

broken. I know from personal experience that sometimes a set fresh eyes is

what you need to find and fix potential problems. If the white hat guys

don't...the black hats certainly WILL.



--

Ok, I admit it, I killed Barney!!

www.lockergnome.com/darksentinel" >www.lockergnome.com/darksentinel

You know what to do with the munge





-

I think his point is not that this group necessarily was doing

anything bad.

More so that resources need to be invested doing this sort of thing

because of those so intent on making computer use difficult.



If those with malicious intent stopped, computer use could be far

cheaper and easier since malware and prevention of would not be an

issue.

Resources could then be spent at nearly 100% to improving the computer

experience rather than so much just to protect from those whose

purpose is disruption.



--

Jupiter Jones [MVP]

www3.telus.net/dandemar" >www3.telus.net/dandemar







"DarkSentinel" <darkmungesentinel@munge.charter.munge.net>wrote in

message news:8FFF087C-BB80-4A6C-9D7B-8BA2C842ADD9@microsoft.com...

-

"Jupiter Jones [MVP]" <jones_jupiter@hotnomail.com>wrote in message

Oh I agree 100%. I always wonder what these people could do if they put

their minds to it. As good as I am on the hardware and network side, I'd

like to be that good on the programming side.



--

Ok, I admit it, I killed Barney!!

www.lockergnome.com/darksentinel" >www.lockergnome.com/darksentinel

You know what to do with the munge



-