There is a certain conference taking place at the moment regarding security issues and vulnerabilities.
Neowin said: "Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista."
Neowin said: "This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," said Dai Zovi to SearchSecurity.com. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."
Whilst full disclosure has not been made, this cannot be validated. Regardless, it is always wise to run as a non-admin account and keep UAC switched on. I cannot imagine this exploit being able to elevate to admin privileges. I also suggest running IE in protected mode. Note: IE7 on Vista does not have DEP on by default, so you may wish to consider changing this.
My apologies for the rather sensationalist title. Seems to be all the rage these days though. It isn't actually game over as such, but it certainly does raise some serious issues that MS must address.
Here is the paper (It does not disclose the techniques - so don't think you will be able to become a haxxor by reading this).