An ‘ethical hacker’ based in New Zealand gave a public demonstration of an old Windows flaw at the Kiwicon hacker conference in Wellington after he discovered it was not completely fixed and had exposed some 160,000 computers in New Zealand alone.

Beau Butler told The Age that he tried to alert Microsoft to the problem by email before going public with his research but failed to get any response.

“I assumed they were aware of the issue,” he said. The “bug” was first recognized five years ago, but was supposed to have been fixed.

The public demonstration seems to move engineers and security team of Microsoft to look deeply on the issue.

In an email to The Age, Microsoft’s general manager of product security, George Stathakopoulos, said that “Now that we understand the issue we’re researching comprehensive mitigations and workarounds to protect customers.”

Interestingly, the flaw was apparently fixed over five years ago. But it appears Microsoft’s fix does not seem to be working all that well.

The company confirmed that the flaw was indeed serious and has asked Butler and The Age not to disclose further details of the flaw while Microsoft’s security team is working on a fix.

The design flaw affects all versions of the Windows OS, including the latest version, Vista. However, it does not affect every Windows computer, Stathakopoulos said. The vulnerability depends on how users configure its Windows system.

Related:

Entry was posted on Wednesday, November 28th, 2007 at 1:33 am under Microsoft, Security, Vista.

Read more entries by Ruben Francia.
Stumble It!