Less than a month after Vista's official release to corporate customers, a vulnerability that affects it was already discovered. According to Microsoft and others, the vulnerability can only be exploited if an attacker already has access to the system, meaning they would need to be physically sitting in front of the computer or have already compromised it through some other means that provides remote access.
According to F-Secure’s Mikko Hypponen, “The bottom line is you couldn’t use a vulnerability like this to write a worm or hack a Vista system remotely. It only has historical significance in that it’s the first reported vulnerability that also affects Vista. It’s a nonevent in other ways.”
The media, of course, jumps all over the news, stating repeatedly how this is reportedly Microsoft’s most secure platform ever. I think most would agree that it is, in fact, the most secure yet. However, “most secure” and “impenetrable” have entirely different meanings. There will still be flaws. Hopefully there will be fewer, and hopefully those that are found will not be the type that allows an attacker to gain complete control of vulnerable systems remotely or the type that is easily exploited via a worm or other malware code. But I am sure that this will by no means be the last Vista vulnerability we hear about.