Link....
Researchers demonstrate "unfixable" Windows 7 exploit
By Jose Vilches, TechSpot.com
Published: April 24, 2009, 5:59 PM EST
Researchers at a recent hackers' conference in Dubai have demonstrated what they claim is an unfixable exploit for Microsoft’s upcoming operating system. Apparently, they've found a way to gain control of a Windows 7 machine during the boot up process though the use of a tiny 3KB program dubbed VBootkit 2.0. Since no data is altered on the drive itself, it is hard to detect and of course even harder to remove.
Once loaded, an attacker could potentially change passwords, access protected files, or do just about anything else remotely and then leave without a trace. Unlike most exploits out there, VBootkit 2.0 can't be installed remotely, so an attacker would need physical access to a machine in order to compromise it. Moreover, rebooting the computer gets rid of the security threat, as system memory is cleared during the process.
Its severity is debatable, then, considering it can’t automatically spread through the web. However, it could be a concern for businesses and people using computers in public places. Microsoft hasn't commented on the exploit, but its creators say the problem stems from Windows 7’s assumption that the boot process is immune from attacks. It’s a design problem, they claim, one that cannot ever be fixed.
By Jose Vilches, TechSpot.com
Published: April 24, 2009, 5:59 PM EST
Researchers at a recent hackers' conference in Dubai have demonstrated what they claim is an unfixable exploit for Microsoft’s upcoming operating system. Apparently, they've found a way to gain control of a Windows 7 machine during the boot up process though the use of a tiny 3KB program dubbed VBootkit 2.0. Since no data is altered on the drive itself, it is hard to detect and of course even harder to remove.
Once loaded, an attacker could potentially change passwords, access protected files, or do just about anything else remotely and then leave without a trace. Unlike most exploits out there, VBootkit 2.0 can't be installed remotely, so an attacker would need physical access to a machine in order to compromise it. Moreover, rebooting the computer gets rid of the security threat, as system memory is cleared during the process.
Its severity is debatable, then, considering it can’t automatically spread through the web. However, it could be a concern for businesses and people using computers in public places. Microsoft hasn't commented on the exploit, but its creators say the problem stems from Windows 7’s assumption that the boot process is immune from attacks. It’s a design problem, they claim, one that cannot ever be fixed.
Comment