Backtrack: 1 - Vista: 0
Once again Windows Vista has been the target of the hackers and crackers and just generally fun-loving people with very little time on their hands.
Using a Linux distro called BackTrack (a top-rated Linux live distribution focused on penetration testing), a person can boot a machine running Windows Vista from the live media and gain SYSTEM-level access to it by following a couple of simple steps.
All you need to do is navigate to the Windows directory of the machine and into the system32 folder. You then make a backup of the Utility Manager (utilman.exe), which is used to run the various utilities that allow people with sight problems to access a computer (screen readers, etc.).
Once this is backed up, you rename cmd.exe to utilman.exe and reboot. When Windows boots and you reach the login screen, you get the option to use the Utility Manager by pressing Ctrl+U. Since utilman.exe is now basically cmd.exe, you get a command prompt, which you can use to run explorer and thus gain system access without having to know any usernames or passwords.
This exploit apparently only works on Windows Vista and does not affect XP, 2000, 2003 and NT.
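To check a machine for this swap, here is an added example (not from the original post or from any tool it mentions): a Python script that inspects a System32 directory, for instance on a volume mounted read-only from another system, and reports whether utilman.exe is a copy of cmd.exe, whether cmd.exe has gone missing, and whether a backup copy has been left behind. The function names, finding messages and the "name starts with utilman" backup heuristic are assumptions made for this example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_ci(directory, name):
    """NTFS names are case-insensitive; a Linux mount may not be, so match by hand."""
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def check_utilman(system32):
    """Return a list of findings for one System32 directory (empty list = clean)."""
    findings = []
    utilman = find_ci(system32, "utilman.exe")
    cmd = find_ci(system32, "cmd.exe")
    if utilman is None:
        findings.append("utilman.exe is missing")
    if cmd is None:
        findings.append("cmd.exe is missing (it may have been renamed)")
    if utilman and cmd and sha256_of(utilman) == sha256_of(cmd):
        findings.append("utilman.exe is byte-identical to cmd.exe")
    # Heuristic (assumption): the procedure leaves a backup of the real binary nearby.
    for entry in sorted(Path(system32).iterdir()):
        lowered = entry.name.lower()
        if entry.is_file() and lowered.startswith("utilman") and lowered != "utilman.exe":
            findings.append("possible backup of the original: " + entry.name)
    return findings


if __name__ == "__main__":
    # Constructed sample tree: placeholder bytes stand in for the real binaries.
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in [("Utilman.exe", b"CMD-BYTES"), ("cmd.exe", b"CMD-BYTES"),
                           ("utilman.exe.bak", b"UTILMAN-BYTES")]:
            (Path(tmp) / name).write_bytes(data)
        for finding in check_utilman(tmp):
            print(finding)
```

An empty result only means none of these three indicators is present; it is not a comparison against a known-good hash of utilman.exe, which the post does not provide.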
Here is a video that shows how to do it.
I wonder how long it will be before Microsoft fixes this issue.
