Topic: 'Unfixable' Windows 7 exploit created by security experts (VBootkit 2.0)

[Samker]

Windows 7 is quite possibly the most anticipated operating system at the moment; maybe even the most highly regarded one in the last few years, but that doesn't mean it comes without flaws. According to NetworkWorld, two security researchers have created an exploit for Windows 7 that they deem 'unfixable', which allows a hacker to take full control of a system.

The researchers, Vipin Kumar and Nitin Kumar, have named their exploit 'VBootkit 2.0', and they demonstrated it on a Windows 7 virtual machine. Kumar said, "There's no fix for this. It cannot be fixed. It's a design problem." This may sound dangerous, but it's not entirely as bad as some would think. The exploit cannot be used remotely; the attacker has to have physical access to the target machine. However, if they can get access, it could be devastating. The file clocks in at a mere 3KB, and "allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process."

Be careful, though; the latest version of VBootkit (which isn't fully ready yet) would allow remote access, can remove a user's password, and gives an attacker the highest level of privileges. This gives someone access to all of a victim's files, which, as you can imagine, is very dangerous. When the victim's computer is restarted, access is removed, but can easily be gained again by running the software.

(NeoWin)