The Windows MessageBox exploit (also referred to as NtRaiseHardError) was first released publicly on December 20, 2006. A proof-of-concept that works on Vista was released on December 31st and verified to work by eEye Research, making it the first Vista exploit. The exploit, which targets a vulnerability in the Client/Server Runtime Server Subsystem, allows a logged-in user to have their privileges elevated to SYSTEM, and does not require user interaction (i.e., it can be executed remotely). Microsoft is of course aware of the exploit, but no patch has yet been released. McAfee rates it as a Medium threat, as does eEye Research.
‘Windows MessageBox’ is First Vista Exploit

Comments
Will Next Tuesday's 3 Updates Effect Vista? | ITsVISTA
Jan 4, 2007 at 2:54 pm
[...] I would suspect that one will be a patch for the Windows MessageBox exploit, so Vista should get it. Might another be for the Vista 'Timer/2099 Crack'? I wouldn't consider it critical, but Microsoft probably does. They don't specifically say that all three are critical, so maybe this one will be 'Important', but I believe the default update setting would download it anyway. [...]
No Vista Updates for Jan 9, 2007 | ITsVISTA
Jan 9, 2007 at 12:42 pm
[...] The Security Bulletins for January 9, 2007 were just released. Among the four hotfixes, three are critical, and one is important. Three are for Office, and one is for Windows/Internet Explorer. None affect Windows Vista. This means that Windows MessageBox is still a vulnerability, and the Timer/2099 Crack will still work. [...]