Microsoft Vista Already Vulnerable to Popular Malware

We posted yesterday about how we're seeing more and more 0-day exploits against Microsoft Windows (Office, specifically) being released into the wild. This was because certain classes of exploits will no longer work in Vista. However, today, we see evidence that not only will some classes continue to work, existing malware in the wild today can still exploit vulnerabilities in IE7, which is tied into Vista.

This really hammers home the point that security researchers (and specifically in this case client-side security researchers) don't need to worry about becoming obsolete with new technologies deployed. We plan to port honeyclients to Vista soon, gaining more intelligence on our adversaries as the arms race continues.

Note: This post was edited to include the original Sophos November 2006 threats report. Thanks to Xeno Kovah for pointing out this link.