FTA: XP is immune.

It's a shame Microsoft is too blind to realize what assets they have, before, ya know, they destroy them.

Let's hope Microsoft gets off it's high horse and supports XP until the users don't want to use it anymore... and not the other way around.

I still can't believe that MS is dictating that I should use an insecure OS... honestly.

"The vulnerability affects Enterprise and Ultimate versions of Vista in both 32 and 64 bit flavours of the operating system"

Possibly a daft question but does this mean that it hasn't been tested on the other editions or does it mean that the other editions don't have this flaw?

It's called upgrade. Your choice if you prefer XP or Linux.

...install XP.

=P

"A fix for the flaw from Microsoft is unlikely until the next service pack for Vista, according to Thomas Uterleitner of Phion."

That's a stunning suggestion. The BugTraq post makes it quite clear that the cause is simply trusting a "number of bytes to copy" parameter, rather than validating it. That would be a two-line fix then, with NO change in the intended behaviour, for something that allows privilege escalation. It was reported on 22nd October, so it probably missed the deadline for November's patches (these things have to be regression tested), but I'd expect to see it next month. If you can't regression test a "no-op" in less than a month, there's something wrong with your process.

At least there aren't that many people using Vista...

C'mon, you're talking about Vista here. Potential damage to the what what of what?

Try skulking about in a more upscale neighbourhood. Shutting off the car engine helps to keep the connection alive.

I just knew when I clicked on the comments that there would be plenty of posts saying things along the lines of "The unofficial fix is to install XP".

The sad thing is that it is actually true.

"Possibly a daft question but does this mean that it hasn't been tested on the other editions or does it mean that the other editions don't have this flaw?"

It's all in the BugTraq posting. They've only tested those two editions. Given the nature of the flaw, they presume that other editions are affected.

Also, note that you have to run the malware as an Administrator or a Network Configuration Operator to be at risk. In the first case, you've already lost, so unless you have some of your users in the second group, it isn't strictly a vulnerability. (That's probably why they haven't bothered to check the more domesticated editions.)

The only people who can exploit the bug are members of the Network Configuration Operators group. (Administrators already have full access to the machine so there's nothing for them to exploit.)

Number of users in that group by default: Zero.

I'm sure there are a few cases where people are using that group, and Microsoft's slow response at issuing what should be a trivial fix -- just bounds-check the input -- for a bug that will be serious to some is a disgrace, but let's keep things in perspective. This won't affect many people and blanket "lol, you shoud go back to XP" statements are ignorant & stupid.

You're forgetting about all the legitimate Microsoft services running in the background that are explicitly using this 'feature'.

I find switching off my wireless card then back on again results in a reconnect 99% of the time on my Toshiba.

Still a massive pain in the backside though, and why I mostly use XP still (and I'd have to admit that I like Vista, I don't have any other problems when using it)

"Administrators already have full access to the machine so there's nothing for them to exploit."

Uh, sorry, but I think that since they are Admins of the machine, any exploit they attempt to use will obviously succeed.

So it's not "there's nothing for them to exploit", but more like "there's nothing to protect them from an exploit".

All,

please note that phion HAS NOT published an unofficial vix for the Vista vulnerability but a remedy for its netfence entegra product.

Thanks,

Constanze