A Russian hacker and a California-based security team, Determina, have already found a privilege-escalation hack as well as a number of IE 7 problems in the current version of Vista. The flaw lets a user raise the privilege level of any account and run code as an administrator.
“I don’t think people should become complacent,” said Nand Mulchandani, a vice president at Determina. “When vendors say a program has been completely rewritten, it doesn’t mean that it’s more secure from the get-go. My expectation is we will see a whole rash of Vista bugs show up in six months or a year.”
While a few major bugs are to be expected at launch, it’s quite heartening to see that Vista is insecure right out of the box, ensuring users will have to patch, patch, and re-patch until New Year’s. Ready for a new day, indeed.
Flaws Are Detected in Microsoft’s Vista [NYTimes]