Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7″ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago. In those days M$ had no concept of security. Later they duplicated such flaws to maintain backwards compatibility to ease migration to the next version and to keep the licensing revenue flowing. Now a large part of IT is vulnerable. Watch the video below:
I am in the process of re-installing the OS for a teacher’s personal PC. The machine had XP SP1 on it after installing from the OEM’s 8 CD set. The process involves adding updates to software and these tweak the registry adding layers of bloat to bring the system up to snuff. Because of the registry the system needs to be frequently rebooted and one cannot just install the latest version but has to go through many steps taking many hours. After 18 hours the machine is at the point of installing SP3. Will it be another 6 hours before the thing is fully patched and still vulnerable to this fatal flaw? What a waste of human energy and money. GNU/Linux could be installed legally and up to date in a few minutes. Why do people use that other OS? I was half-hoping M$ would refuse to supply updates for this ancient machine as they have stated they will not support early versions of XP. Nope. wuauclte.exe cheerfully provided all the necessary updates to continue inflicting this pain on the world. I guess M$ would rather these old machines stayed with XP than move to a modern OS like GNU/Linux.