Posted on Friday, April 24 2009 @ 20:56 CEST by Thomas De Maesschalck
Two security researchers claim they've found an exploit in Windows 7 that cannot be fixed. However, the good news is that the attack takes place during the bootup process and can't be done remotely. Physical access to a Windows 7 system is necessary for the attack to work.
While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.
VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.
However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer as data contained in system memory will be lost.
More info
at NetworkWorld.
