Re:Not so severe (Score 1)

The nice things about security problems is that they tend to grow bigger than they seem and not smaller. Reading the paper from Zvi Gutterman, you can note few things. 1. Single process nature actually makes the problem worst as the seed does not get updated. Since IE is what most people use most of the time, the problem is still quite bad. 2. Since the problem is in user mode , you don't need root access on the machine to take advantage of it. 3. While the article didn't find remote abuses ( it is an academic paper after all ), it can be quite easy to imagine side effects of the WRNG that can be discovered in combination with other simple exploits which do not mean hacker already has full control. Imagine for example that the PRNG state can be deduced by calling rand() in JavaScript or Flash, not simple, but certainly feasible. Since this is a fundamental mathematical implementation problem in an infrastructure , it can be very hard to predict the implication until Microsoft gives more info on scope.