Vista's Security is made completely useless by a new vulnerability
See the article from Neowin
This week at the just completed Black Hat Security Conference at Caesar’s Palace in Las Vegas, two security researchers discussed their findings which could completely bring Windows Vista to its knees.
Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomisation (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects.
This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.
I wonder does this problem affect other Windows Systems such as NT, 2000 and XP plus Server operating systems of course. Its almost as if people are looking for ways to bring down Microsoft – they seem obsessed. Although to know the problem which in this case is considerable is warranted.
I would have thought that this would have been something that would have been checked – I don’t use Internet Explorer or any other Microsoft based application for access to the Internet.