Sometimes I get the sense that the ledes are already written, just waiting for an excuse to get printed to paper.
If you don't already realize it, the news media is blowing this Vista privledge escallation POC way out of proportion. Its a local escallation issue, not a remote attack, and I haven't looked in detail but I'm not aware that exploitation has actually been demonstrated on Vista. The idea that this would percipitate a "crisis in confidence" in Vista Security is a figment of some editor's imagination. Vista has exploit protection technology that is currently viewed as pretty tough by computer security researchers. No one is saying its insurmountable, but it definately raises the bar. This news doesn't change a thing in that regard. Wake me up when MetaSploit publishes a working remote module. (That WILL happen eventually, mind you, but I don't currently think that it will be as easy to turn bugs into sploits in this OS as in previous ones, and only time will demonstrate if I'm right.) Vista flaw exaggerated |