Vista security flaw blow to Microsoft

MICROSOFT'S security experts had an uneasy holiday break after a security flaw was discovered in Windows Vista, the software company's new operating system.

It was the first security flaw discovered since Vista's official release four weeks ago.
The flaw is a symbolic blow to Microsoft, which has spent 5 1/2 years developing Vista.

The software, which was launched two years later than originally planned, is the biggest upgrade to the operating system since the release of Windows 95 and Microsoft focused heavily on improving security.

The company confirmed the vulnerabilities, which were first reported by independent third parties, but pointed out that no malicious programs taking advantage of the flaws had yet appeared.

The flaw allows a user with standard system privileges to gain wider access to system tools and settings without the approval of a network administrator.

This potentially disables a key security feature of Vista but attackers would first need to gain access to a computer through some other means before exploiting the vulnerability.

A vulnerability in the new web browser Internet Explorer 7 was reported at the same time. Mike Reavey, operations manager at Microsoft's Security Response Centre, acknowledged on the company's security blog that it was "closely monitoring developments" over the Christmas period. "Of course these are preliminary findings and we have activated our emergency response process involving a multitude of folks who are investigating the issue in depth to determine the full scope and potential impact to Microsoft's customers," he wrote.

He added: "I still have every confidence that Windows Vista is our most secure platform to date", and said that as always, Microsoft encouraged users to take other security measures such as firewall, security updates, anti-virus and anti-spyware software.

Mikko Hypponen, chief research officer with Finnish security company F-Secure, said the vulnerability was significant for being Vista's first since its launch, but was unlikely to be a big concern either to Microsoft or corporate users of Vista, because attackers would need to already have access to the system to take advantage of it.

However, he said said criminal gangs would inevitably increase their efforts on attacking Vista.
"Within a year or two, there could be tens of millions of computers running Vista, so there will be more attacks."
This was reported by -The Australian News Website.