• Main
  • Forums
Home » Forums » Windows » Windows 7

Experts Say Windows 7 Security Hole is Unfixable

Admin's picture

Admin —Tue, 04/28/2009 - 08:37

Security researchers believe they have found a problem with Windows 7 that cannot be fixed. Thankfully, it can only be exploited by people with physical access to a computer.

Vipin Kumar and Nitin Kumar demonstrated how to attack a machine using the security gap at a conference in Dubai known as Hack In The Box. They've created an application named VBootKit 2.0 which takes up just 3KB of space.

Once installed on a machine, the application can temporarily remove the user's password, then give anyone connected to the machine (through a local area network or the Internet) the ability to remotely control the machine. They'll also be able to increase their user privileges to the highest level, letting them do even more damage.

'Fundamental Design Flaw'

The application works by changing some of the files which Windows loads into memory during startup. The trick: this doesn't modify any files stored on the hard drive, making it difficult for security software to detect or remove it.

The researchers say the technique takes advantage of the fact that Windows 7 works on the assumption that it can't be compromised during the booting process. They say this is a fundamental design flaw and means the loophole can't be fixed. (Source: pcworld.com)

Hackers Must Get Up Close And Personal

However, there are two major limitations to the technique: first, the hacker must be physically present to install the application. That means attacks would be limited to rogue staff acting within an organization, or determined hackers who were willing to trespass on a property.

The second drawback is that the application is stored in temporary memory, meaning that it dies as soon as the computer is switched off or rebooted. While this reduces the chances of it being detected, it does mean the hacker would only have one shot at gathering any data or attacking the machine. (Source: techradar.com)

However, that 'one shot' could have devastating results for Windows 7 users expecting that they'll be running a new, and by extension a somewhat invulnerable, operating system.

  • Windows 7

Add new comment

The content of this field is kept private and will not be shown publicly.

More information about text formats

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
Are j00 a r0wb4wt?

New forum topics

  • willing to give a strong development
  • Windows Memory Testing Tool
  • WSUS Offline Windows Update
  • Windows Auto Start Locations
  • Make a Hidden User Account in XP / Vista / Win7
More

Active forum topics

  • willing to give a strong development
  • Windows Auto Start Locations
  • Top 9 tweaks for a faster (and less annoying) Vista PC
  • Cannot delete file: Cannot read from the source file or disk
  • Windows Memory Testing Tool
More

Recent comments

  • Wananaroiv 1 day 18 hours ago
  • Activation 2 months 1 week ago
  • Thanks for this. Fixed me 4 months 2 weeks ago
  • WOW thank you SOOOOOOOOO much 10 months 4 days ago
  • Problem with activation 11 months 3 weeks ago
  • Thanks for the help! 1 year 2 weeks ago
  • Dropbox is leet too! 2 years 9 months ago
  • internet explorer beta 8 3 years 3 months ago
  • w00t! 3 years 3 months ago

Search form

Navigation

  • Add content
  • Search
  • Recent content

User login

  • Create new account
  • Request new password

Who's online

There are currently 0 users online.

  • Main
  • Forums