UK Gadget and Tech News, Reviews and Shopping

Trending News

- Head of Windows Steve Sinofsky Leaves Microsoft: What Does It Means For The Future Of Microsoft?
- Blockbuster UK Follows HMV & Jessops And Goes Into Administration
- Sony Xperia Z Tablet To Launch Alongside Smartphone? 10-inch HD Screen, Quad-Core CPU?
Facebook Instagram Youtube
Menu

Windows 7’s flaw without a fix.

windows7_v_webResearchers have uncovered what they seem to think is a flaw in Windows 7 that has no fix.  At the Hack in the Box Security Conference in Dubai, Vipin Kumar and Nitin Kumar demonstrated their Vbootkit 2.0 software, and used it to take control of a computer running Windows 7 at boot time.

The hack bypasses the security in Windows 7 by altering the files that get loaded into RAM at boot. The code is only 3KB in size and can allow an attacker to elevate their privileges to the system level, it can also change the administrator password, and allow access to files and folders. Once the hack has been completed the software can reset the password. As the hack only lives in RAM, a reboot will flush the malicious code, and the hack undetectable.

Currently, the code is invisible to any AV vendors software. Although the good news is that the attacker must be present at boot to administer the code. Vbootkit, or Vista bootkit was originally developed for Microsofts current OS, but 2.0 has been developed for Windows 7.

This is not the first time Windows 7 has been the focus of security concerns, the User Account Control (UAC) feature that annoyed so many in Vista was tweaked in W7 to allow it to be disabled without prompting. This cut down the annoyance factor, but allowed a malicious script to emulate keystrokes, disable UAC and force a reboot, thus leaving the operating system open to whatever payload the attacker would have you suffer.

Windows 7 will not be shipping until the end of next year or beginning of the next, so Microsoft have a bit of time to come up with a solution or workaround. However the version of Vbootkit for Vista is able to take control of a computer remotely.

4 thoughts on “Windows 7’s flaw without a fix.

  • “used it to take control of a computer running Windows 7 at boot time”

    hahaha. Honestly, this is a complete metaphor about what is wrong with Microsoft. Is it me or do they always seem to be a step behind? It is crazy that world runs on Microsoft but at least its only a dev version of windows 7. As you say this can be rectified before release. No doubt though that it will be delayed in typical Microsoft fashion.

    Very nice blog!

  • It is very nice blog and it happens every time with Microsoft there were many issue with window xp and after that window vista as well then same situation with window 7 also

  • Does any know how to fix the bold lettering, It just popped out of nowhere….anyone now whats causing this???

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

An absolute tech junky, I graduated from the University of Manchester with a degree in Computing and now live on the outskirts of Leeds working with you guessed it, Computers. I love all things gadgety but really dislike wires. For those of you who haven’t worked it out the name of the site is a combination of my nickname (Gaj) and the pronunciation ‘Gadget’.
UK Gadget and Tech News, Reviews and Shopping
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.