Vista kernel is vulnerable
Discovered by Austrian researcher Thomas Unterleitner of the insecurity company Phion and announced last Friday, the buffer overflow flaw reportedly exists in Vista's networking I/O subsystem.
It can cause a blue screen of death system crash, allow denial of service attacks, or enable injection of rootkits or other malware such as viruses, trojans, bots or keyloggers.
Unterleitner told ZDnet UK that Phion had notified Microsoft of the vulnerability in October.
Phion successfully tested an exploit of the vulnerability against Vista Enterprise and Vista Ultimate and believes that other versions of Windows Vista are "very likely" also vulnerable. It says that both 32-bit and 64-bit versions of the operating system contain the flawed code.
Windows XP reportedly doesn't contain the vulnerability.
-----------------------------------------------------------
See story here