Microsoft Monitoring Flaw Found in Vista Software (Update2)

By Rochelle Garner - December 27, 2006 18:42 EST

Email
Share
Share
- Business Exchange
- Twitter
- Delicious
- Digg
- Facebook
- LinkedIn
- Newsvine
- Propeller
- Yahoo! Buzz
Print

Dec. 27 (Bloomberg) -- Microsoft Corp., the world's largest software maker, is monitoring a flaw in its newly released Windows Vista software to ensure hackers don't manipulate the operating system.

Microsoft is still investigating the problem, Mark Miller, director of the Microsoft Security Response Center, said in an e-mail today. The vulnerability, which makes it possible to shut down a Web site or gain more access privileges, is also in previous versions of Windows, Microsoft said last week.

Vista, released to corporate users on Nov. 30 after more than two years of delays, is the first new version of Microsoft's Windows operating system since 2001. The flaw poses only a minor threat, according to Symantec Corp., the world's biggest maker of security software, because attackers must already have access to computers they want to compromise.

``If all the flaws that emerge are this level of seriousness, Microsoft would probably consider themselves pretty lucky,'' said Dave Cole, director of Symantec Security Response, which analyzes potentially damaging software on the Internet. ``Vista will be under the white-hot glare of scrutiny by the security and the hacker communities for easily the next year.''

For Redmond, Washington-based Microsoft, the vulnerability ``is egg on their face so soon after the release of Vista,'' said David Marcus, security research and communications manager for McAfee Inc.'s Avert Labs. McAfee, based in Santa Clara, California, is the second-biggest maker of security software.

Hackers sometimes put out ``proof-of-concept'' programs to probe a system's weak spots. This particular software flaw may allow hackers to wage denial-of-service attacks, which can shut down Web sites. Or it could let them raise their privilege levels on infected personal computers, permitting them access to more data.

Miller said that while Microsoft focused on making Vista as secure as possible, hackers will always try to find flaws.

``Security issues will continue even with more secure operating systems because the threat bar will continue to be raised and hackers will become more aggressive,'' he said.

Microsoft will release Vista to consumers on Jan. 30.

Shares of Microsoft rose 3 cents to $30.02 at 4 p.m. New York time on Nasdaq Stock Market composite trading. They have advanced 15 percent this year.

To contact the reporter on this story: Rochelle Garner in San Francisco at rgarner4@bloomberg.net