Aug 11, 2008

Serious vulnerabilities in Vista

IBM Information Security Systems member Mark Dowd and VMware team member Alexander Sotirov have found a way to attack Vista. The attack is not based on any specific vulnerability but on the way Vista's memory protection works.

The attack can be performed using, e.g., Java in browsers. Electronista was the first to report this.

SearchSecurity has interviewed security researcher Dino Dai Zovi about this issue. He says that the technique is completely reusable and, which is scarier:

"They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."

Dai Zovi also said that the Vista protection techniques ASLR and DEP won't help, and that the technique allows any vulnerability in the browser to be exploited. As this is not based on any specific vulnerability, he presumes that there will be more similar things in the future.

Microsoft knows about the issue but hasn't commented on it yet.
