From TFA: Microsoft confirmed it learned of the so-called “zero-day” flaw months ago.
According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Linux and Mac have forced you to use Sudo to access low-level stuff for quite a while now, most Windows home users, prior to Vista, have been running as local admin, and were very vulnerable to this. Vista and Win7 made a lot of improvements in this area, but there are still far too many compromises possible.
http://www.wired.com/threatlevel/2010/01/microsoft-zero-day-flaw
In other news, Microsoft released a patch for this particular exploit.
http://www.pcmag.com/article2/0,2817,2358284,00.asp
http://tech.slashdot.org/story/10/01/21/2135226/Microsoft-Patches-Google-Hack-Flaw-In-IE?art_pos=17
According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Linux and Mac have forced you to use Sudo to access low-level stuff for quite a while now, most Windows home users, prior to Vista, have been running as local admin, and were very vulnerable to this. Vista and Win7 made a lot of improvements in this area, but there are still far too many compromises possible.
http://www.wired.com/threatlevel/2010/01/microsoft-zero-day-flaw
In other news, Microsoft released a patch for this particular exploit.
http://www.pcmag.com/article2/0,2817,2358284,00.asp
http://tech.slashdot.org/story/10/01/21/2135226/Microsoft-Patches-Google-Hack-Flaw-In-IE?art_pos=17