Microsoft can't defend Windows Vista

Summary:Windows Defender for Vista has failed miserably when it comes to protecting users of Microsoft's latest operating system from a very basic attack.The penetration of Windows Vista is increasing but all the signs point to users of Microsoft's new OS facing a very scary few months when it comes to security issues.

Windows Defender for Vista has failed miserably when it comes to protecting users of Microsoft's latest operating system from a very basic attack.

The penetration of Windows Vista is increasing but all the signs point to users of Microsoft's new OS facing a very scary few months when it comes to security issues.

Vista has only been on the shelves for about a month but big businesses have been playing with the final release since December 2006. Microsoft didn't find it necessary to patch the new operating system in its most recent batch of patches, which were issued last week.

However, the February patch Tuesday did fix a critical vulnerability in Windows Defender, which is a security tool that, according to Microsoft's Web site, is designed to protect Vista from "pop-ups, slow performance, and security threats caused by spyware and other unwanted software".

Because of the flaw in Defender, a specially crafted PDF document e-mailed to a users' PC could result in remote code execution as soon as that file is scanned by Microsoft's security tool.

According to a security bulletin published by Microsoft: "An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file".

The situation is likely to get a lot worse before it gets better.

Last December I was fortunate enough to have a lunch with David Perry from Trend Micro, who described a "sweet spot" for attacking Windows Vista, which will appear once there is a critical mass of Vista users but before Microsoft releases the first service pack.

According to various sources, SP1 for Vista will not arrive till the second half of this year.

This means that early adopters of Vista are likely to face a turbulent few months as newly discovered vulnerabilities are exploited in both the operating system and its applications.

Topics: Security, Malware

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.