Win7: Security Hole 'Unfixable', Experts Say

Security researchers believe they have found a problem with Windows 7 that cannot be fixed. Thankfully, it can only be exploited by people with physical access to a computer.

Vipin Kumar and Nitin Kumar demonstrated how to attack a machine using the security gap at a conference in Dubai known as Hack In The Box. They've created an application named VBootKit 2.0 which takes up just 3KB of space.

Once installed on a machine, the application can temporarily remove the user's password, then give anyone connected to the machine (through a local area network or the Internet) the ability to remotely control the machine. They'll also be able to increase their user privileges to the highest level, letting them do even more damage.

'Fundamental Design Flaw'

The application works by changing some of the files which Windows loads into memory during startup. The trick: this doesn't modify any files stored on the hard drive, making it difficult for security software to detect or remove it.

The researchers say the technique takes advantage of the fact that Windows 7 works on the assumption that it can't be compromised during the booting process. They say this is a fundamental design flaw and means the loophole can't be fixed. (Source: pcworld.com)

Hackers Must Get Up Close And Personal

However, there are two major limitations to the technique: first, the hacker must be physically present to install the application. That means attacks would be limited to rogue staff acting within an organization, or determined hackers who were willing to trespass on a property.

The second drawback is that the application is stored in temporary memory, meaning that it dies as soon as the computer is switched off or rebooted. While this reduces the chances of it being detected, it does mean the hacker would only have one shot at gathering any data or attacking the machine. (Source: techradar.com)

However, that 'one shot' could have devastating results for Windows 7 users expecting that they'll be running a new, and by extension a somewhat invulnerable, operating system.