Windows Vista, the upcoming operating system (OS) that Microsoft claimed to be the most secure of all OS, was hacked last week at the Black Hat hacker conference.

Reportedly, in order to check the vulnerability of Windows Vista, Microsoft had handed over its test versions to 3,000 researchers in the conference and asked them to try hacking it. A researcher, Joanna Rutkowska, from Coseinc, a Singapore-based security firm, showed how it is possible to bypass security measures in Vista that prevents unsigned code from running.

Rutkowska explained that the security systems in Vista can be sidestepped by using a piece of malicious software she had created and dubbed as Blue Pill. She also admitted that she had to perform the hack in higher privileged administrator mode rather than the lower privileged user account control.

By conducting this activity, the company was hoping to convince the industry that the Vista will be the most secure and malware-proof system in the market. Reportedly, Vista is the first Microsoft products that the company is sending through its "Security Development Lifecycle", which aims at getting rid of all security vulnerabilities before shipping.

Microsoft has now said that it is investigating solutions to help protect Vista against the attacks demonstrated. In addition, the company is also working with its hardware partners to investigate ways to help prevent the virtualization attack used by the Blue Pill.

According to a Microsoft representative, Vista has many layers of defense, including the firewall, running as a standard user, Internet Explorer Protected Mode, NX support, and ASLR that helps prevent arbitrary code from running with administrative privileges.

SOURCE