A system-crashing bug with potential malware implications has been uncovered in Vista. But a fix for the vulnerability, which revolves around flaws in the operating system’s network stack, may have to wait until the next service pack.
The TCP/IP stack buffer overflow was discovered by security researchers at Austrian firewall firm Phion in October. Details of the flaw, which also creates a potential mechanism to inject hostile code into vulnerable systems, were disclosed in a posting to BugTraq on Friday.
The vulnerability affects Enterprise and Ultimate versions of Vista in both 32 and 64 bit flavours of the operating system. XP is immune. Phion has published a workaround in the absence of a fix from Microsoft itself.
More info: BugTraq
Source:→ The Register