Windows 7 is out as a beta and the final version is expected sometime this year or early next year. Microsoft has also started to circulate the latest release candidate build of the operating system among developers and testers. Despite the fact that the operating system isn’t officially available yet, a pair of security researchers have already shown a way that a computer running Windows 7 can be completely taken over during the boot process.
Researchers Vipin Kumar and Nitin Kumar have demonstrated proof-of-concept code that the pair developed called VBootkit 2.0. The software injects code into the Windows machine during boot up and allows the complete takeover of the machine and access to all files on the system.
Vipin Kumar said, “There’s no fix for this. It cannot be fixed. It’s a design problem.”
Network World reports that while the attack allows a nefarious user to completely take over a Windows 7 computer, the attack is not a serious threat since it can’t be carried out remotely. A hacker would have to gain direct access to the computer to initiate the hack. The injected software allowing the takeover of the computer would also be erased after a reboot.
However, if the hacker had direct access to the computer, the hack would be very hard to trace. The file size needed to execute the attack is very small at 3KB and makes changes to the Windows files loaded at boot; no files are changed on the computer’s hard drive. This makes the VBootkit 2.0 software very difficult to detect.
Source: Dailytech
September 11th, 2009 at 9:40 am
[…] Not really: http://www.reviewlab.net/2009/04/25/exploit-allows-complete-control-of-windows-7-machine/ […]
September 11th, 2009 at 9:40 am
[…] Not really: http://www.reviewlab.net/2009/04/25/exploit-allows-complete-control-of-windows-7-machine/ […]