Vista Forums - View Single Post

**dmex** · 11-23-2008

Quote: Originally Posted by echrada

Asked about the severity of the flaw, Unterleitner pointed out that administrative rights were needed to execute a program calling the function that would cause the buffer overflow. However, he also said it was possible--but not yet confirmed--that someone could use a malformed DCHP packet to "take advantage of the exploit without administrative rights."

Another Bonus for having UAC enabled

Plus a DHCP flaw can only be done locally...It also seems 99% of Firewall software is able to block this type of attack.

If they cant release a patch and have to use a ServicePack update that means more then one component is responsible requiring a few files updated from different Teams to patch the flaw

11-23-2008	#2 (permalink)
dmex Windows Vista™ Ultimate 2,631 posts	Re: Kernel vulnerability found in Vista Quote: Originally Posted by echrada Asked about the severity of the flaw, Unterleitner pointed out that administrative rights were needed to execute a program calling the function that would cause the buffer overflow. However, he also said it was possible--but not yet confirmed--that someone could use a malformed DCHP packet to "take advantage of the exploit without administrative rights." Another Bonus for having UAC enabled Plus a DHCP flaw can only be done locally...It also seems 99% of Firewall software is able to block this type of attack. If they cant release a patch and have to use a ServicePack update that means more then one component is responsible requiring a few files updated from different Teams to patch the flaw
My System Specs