Nasty-sounding new exploit discovered by researchers at IBM and VMWare:<br><br>http://www.neowin.net/news/main/08/08/08...-by-new-exploit<br><br>It may all be empty fearmongering, until third parties evaluate what gets presented this week, but I hope it's not how it sounds:<br><br>While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."<br><br>Supposedly it's easy to do, and it's not yet known whether older versions of Windows are vulnerable too.<br><br>Here's the part I don't get:<br><br>Mike Reavey, group manager of the Microsoft Security Response Center, said the company has been aware of the research and is very interested to see it once it has been made public.<br><br>That sounds like the researchers will be telling the world at the same time they tell the details to the vendor! Shouldn't the vendor be notified well in advance? Sounds irresponsible--I'd expect that from lone trolls lashing out (as we've seen with Apple flaws), but not from IBM and VMWare.<br><br>Does the research being "made public" mean something too vague to be of any use to malicious hackers? If not, then I'd want Microsoft to know the full details ahead of time so they can issue a patch (if possible). People could stand to lose important data/personal details--and I personally stand to receive the spam when their machines get zombified <br><br>nagr[color:red]o</font color=red>mme<br><br>I require stroyent!<br>TeamMacOSX.com | MacClan.net

Over here<br><br>

I love how folks always link to neowin, who actually stole the article from another site.<br><br>In any case the article is a little sensationalist as the actual presentation they give was run on XP, and Vista SP0, not Vista SP1. They also state at the end of the presentation that the vulnerability they expect to be patched, so where the whole idea that it will never be patched comes from, I have no idea.<br><br><br><br>Hey I'm an F'n Jerk!®

I still like the VISTA movie the best where it shows that to make VISTA they took code from Windows CE, some from Windows ME, and some from Windows NT... and made CE-ME-NT !! <br><br>now THAT's funny !!!<br><br>David (OFI)

Sounds like a combination of outright false info (not just the headline) AND a stolen article! Hopefully this is as much of a false alarm as you say.<br><br>I hope it's also false that Microsoft wasn't given the details far in advance of the public.<br><br>nagr[color:red]o</font color=red>mme<br><br>I require stroyent!<br>TeamMacOSX.com | MacClan.net

Also, the Java exploit they demonstrated should potentially affect linux and Mac OS X as well. The .NET exploit is what specifically can bypass certain Vista features, and of course also XP.<br><br>Just good examples of why people shouldn't run as administrator on any platform, and leave UAC enabled on Vista.<br><br><br>Hey I'm an F'n Jerk!®

Speaking of flawed and inferior software, where IS Akula? He's been MIA since March.<br><br>- alec -

I wonder if Mono can be exploited the same way? And Mono-related products like the Unity game engine?<br><br>nagr[color:red]o</font color=red>mme<br><br>I require stroyent!<br>TeamMacOSX.com | MacClan.net