Microsoft Corporation has fixed a dangerous vulnerability in the 64-bit version of the Windows Vista operating system that was found by computer security specialist Joanna Rutkowska.
Rutkowska demonstrated a method of exploiting this vulnerability at the recent Black Hat hacker conference. The vulnerability potentially allows almost any arbitrary code to be run on the system. On the Windows Vista RC2 build released in early October, the technique no longer worked. This led the specialist to suggest that Microsoft had managed to fix the vulnerability without saying anything about it.
Rutkowska believes that Microsoft solved one problem but created another. According to the expert, the corporation eliminated the risk of exploitation of the vulnerability by prohibiting writes to the system area of the disk, even for applications that have such rights. This can lead to compatibility problems with some programs, ZDNet reports.
Moreover, an attacker may still use a digitally signed driver for the attack. Stephen Toulouse, project manager for Microsoft's security unit, said that hackers will not be able to run malicious code, because this can be done only with administrator rights, for which Windows Vista has a special service, User Account Control.
Notably, during her speech at Black Hat, Rutkowska voiced two possible ways to address the vulnerability, but Microsoft seems to have decided to ignore the specialist's recommendations.



