Symantec said further that Microsoft has confirmed the issue and pledged to fix it when it issues a Windows Vista SP1 update.

Both the PatchGuard and ASLR issues feed into another Vista problem cited in the Symantec research: integration with third-party products. In addition to the potential problems introduced by PatchGuard to its own products, Symantec said that the third-party drivers provided by Microsoft may be targeted as a means of gaining kernel-level access on compromised machines.

ASLR has been highlighted by at least one other security company as a potential weak point in Vista. Just as Symantec maintains that many of Vista's security features won't help protect end-users unless third-party software makers can effectively integrate with the tools, penetration testing specialists Core Security, based in Boston, published a report on Feb. 6 that highlighted a well-known vulnerability existing in CA's BrightStor backup software that it said could still be exploited on machines running Vista.

Because the CA software had not been updated to integrate with ASLR and other Vista security features -- although CA said it would soon have a new version of the product to market and Microsoft officials disputed the issue -- the operating systems' onboard defense features won't help protect such legacy systems, Core said.

Symantec's report repeatedly highlights the third-party integration issue as a major weak point for Vista's security goals.