Windows Vista Security

Some interesting articles. Make sure you check out Ben’s 3 monitor setup.

Researcher Reveals 2-Step Vista UAC Hack: A Web application developer has uncovered a two-step process for exploiting Windows Vista’s User Account Control, by having a Trojan piggyback on what could be a legitimate download. Robert Paveza, a senior Web application developer with Terralever, published details of the vulnerability in a paper titled “User-Prompted Elevation of Unintended Code in Windows Vista.” Link to the paper follows.

User-Prompted Elevation of Unintended Code in Windows Vista: Windows Vista has implemented several new security features designed primarily to alert users to potentially dangerous situations on their computers and prevent malicious software from accessing critical system components. One of the most-touted features by Microsoft, and perhaps the most visible security addition to Windows Vista, is User Account Control (UAC), in which even computer administrators do not run with full administrative privileges. This guards the user from potentially malicious software by preventing processes from writing to system folders, such as %SYSTEMROOT% and \Program Files, as well as writes to the portions of the registry that are not user-dependent, including the HKEY_LOCAL_MACHINE (HKLM) and HKEY_CURRENT_CONFIG (HKCC) registry hives.

Secunia: 28% of all installed apps are insecure: According to data from Secunia’s free software inspector, about 28% of all detected applications are vulnerable to a known security vulnerability. The software inspector, which uses a signature database to pinpoint the specific versions of all installed programs (browsers, plugins, IM and e-mail clients, media players, operating systems) on a user’s computer, has conducted more than 350,000 inspections since December of last year and the findings show exactly why we’re in the midst of a malware epidemic.

ANS and Security Bulletin Updates: The new ANS is essentially a subset of the monthly bulletin summary we publish the second Tuesday of each month. As such, the ANS will now be published at the same URL used for that month’s security bulletin summary page (example below). For those not familiar with the monthly bulletin summary, it is a high-level overview of the bulletins released for a given month that includes a list of bulletins, severity rating, impact, affected software, download locations for the updates, general deployment information and a single list of acknowledgements thanking those who have practiced responsible disclosure in reporting the vulnerabilities the bulletins address.