Boot Record Rootkit Brings Windows Vista to Its Knees
A new boot record rootkit in the wild has the potential to bring Windows Vista to its knees. Although Windows Vista was applauded throughout 2007 as the most secure Windows operating system on the market, the latest Microsoft client still has some problems involving write access to raw disk sectors. In early January 2008, GMER revealed that a new stealth MBR rootkit, one that could compromise Windows Vista, had been detected in the wild at the end of 2007.
“Unfortunately, all the Windows NT family (including VISTA) still have the same security flaw: MBR can be modified from usermode. Nevertheless, MS blocked write-access to disk sectors from userland code on VISTA after the pagefile attack, however, the first sectors of disk are still unprotected,” the GMER member explained. “At the end of 2007 stealth MBR rootkit was discovered by MR Team members and it looks like this way of affecting NT systems could be more common in near future if MBR stays unprotected.”




