New Vista Security Flaws - Should we be concerned?

Should we be concerned about two more dangerous exploits/security flaws
uncovered by “Long” and “Zheng” (two Swedish security experts using these
names to hide their identity from Microsoft)?:

"The first exploit is a bug inside the keyboard and mouse subsystem which
enables the targeted system to be hijacked and maliciously delete files,
folders, music, torrents and other important sounding stuff without the user’s
authorization or control.

Details of how such an exploit works are sketchy, but leaked documents
reveal the keyboard and mouse APIs offers unprecedented amount of control
over an operating system, allowing anyone and everyone to have full access
to your computer with or without your authorization. This exploit allows
anyone ranging from younger siblings to gang leaders who could use brute
force, such as a punch or tickle, to gain access to your keyboard and mouse
cursors and perform malicious activities such as browsing The Inquirer or
deleting vital fraudulent financial documents.

A second exploit highlights a serious flaw inside the popular
Windows-platform development tool, Visual Studio. An undocumented feature
inside this software is said to enable the ability for malicious users to
compile and execute unsigned and potentially damaging source code. If users
somehow come across malicious source code and decide to copy, paste, compile
and execute within Visual Studio, the resulting application could change
wallpapers, block access to YouTube, increase the volume and other serious
irreversible damages to the computer system."

 

This exploit allows anyone ranging from younger siblings to gang leaders

Read it again, its a joke.

 

Sorry Mark, but NO, it ain't a joke! Read here:

http://www.istartedsomething.com/20070206/more-vista-exploits

 

Sorry Mark, but NO, it ain't a joke! Read here:

Haha, just because it has a url doesn't mean its not a joke.

Vulnerability one:
- Vista allows someone to hijack a computer due to a flaw in the "keyboard
and mouse subsystem"
- "This exploit allows anyone...who could use brute force, such as a punch
or tickle, to gain access to your keyboard

Vulnerability two:
- Visual Studio allows malicious users to "compile and execute unsigned and
potentially damaging source code"
- "If users somehow come across malicious source code and decide to copy,
paste, compile and execute within Visual Studio, the resulting application
could change wallpapers, block access to YouTube, increase the volume and
other serious irreversible damages to the computer system."

and also:

"Next week, keep an eye out for the exclusive report on why Solitaire is a
fire hazard. How the end-game fireworks might burn down your operating
system."

etc.

 

Watch for your favority security vendor to publish Intrusion Prevention
System signatures soon to protect you against these types of glaring issues.
I heard the leading analyst organizations are preparing statements to warn
people too.

 

Jesper:
Hopefully there will be a better tool. The only tool that's been
able to control the loose nut behind this keyboard is to turn the computer
off. Have a great day.

 

In fact, I understand the leading keyboard manufacturers are working on some
safegurads - childproof keyboard covers and fingerprint-sensitive mice.

--

Kevin Spencer
Microsoft MVP
Software Composer
http://unclechutney.blogspot.com

The shortest distance between 2 points is a curve.