bit-tech.net

Security flaw in Vista discovered

Bill won't be so happy when he hears about yet another security hole being discovered in his flagship OS.

A potentially serious flaw has been discovered in the Windows Vista networking subsystem, but a patch isn't likely until the next service pack.

According to CNet, the vulnerability – discovered by Thomas Unterleitner of security firm Phion last Friday – can cause a buffer overflow condition in the iphlpapi.dll API for the network IO subsystem of Vista. While the issue has only been proven to corrupt kernel memory and cause a system crash, the possibility exists that a specially crafted exploit could run code provided by an attacker.

Unterleitner confirms the possibility of remote code execution, saying that while the exploit for the vulnerability currently “can be used to turn off the computer using a DoS attack,” it could be modified to “inject code, hence compromising client security.”

It may even be possible for the exploit to run without user interaction, too: while current versions require a user with administrative rights to execute the code, Unterleitner believes that it may be possible to code a specially-crafted DHCP packet that could “take advantage of the exploit without administrative rights.”

According to the original flaw disclosure, Windows Vista Ultimate and Windows Vista Enterprise are both confirmed vulnerable, and it's more than likely that all versions of Vista suffer the same flaw – including both 32- and 64-bit releases of each. Windows XP and earlier Windows operating systems are not affected by this issue.

Although Unterleitner has claimed that “Microsoft will ship a fix for this exploit with the next Vista service pack,” the company has kept mum on details regarding this flaw save for a statement saying that it is “currently unaware of any attacks trying to use the vulnerability or of customer impact.”

Is this latest security alarm enough to have you reconsidering your choice of OS, or is Unterleitner over-egging the severity of this flaw? Share your thoughts over in the forums.

19 Comments

proxess 24th November 2008, 14:25 Quote
Seriously... something as bad as this, and only a fix for the next SP? How soon will it come out then?
Bauul 24th November 2008, 14:32 Quote
Ah bugger Vista, I, and I get the impression a lot of others, are waiting for Windows 7.
steveo_mcg 24th November 2008, 15:01 Quote
Quote:
Originally Posted by Bauul
Ah bugger Vista, I, and I get the impression a lot of others, are waiting for Windows 7.

Yeah, don't really see the point in paying for Vista when it's about to be made redundant. Though I'm the man who stuck with 2k till 2k6.
airchie 24th November 2008, 15:09 Quote
Yet another reason to switch to Linux for everything bar gaming tbh...
Dreaming 24th November 2008, 15:26 Quote
Quote:
Originally Posted by airchie
Yet another reason to switch to Linux for everything bar gaming tbh...

I agree, but still doesn't outweigh the costs of having to switch to linux for a significant majority of users (including me!). Until linux is reeaaaaaally easy and works as well as windows 'out of the box', I can't see myself switching! Every single time I install (and I use ubuntu - linux for noobs) it goes wrong or there's some driver issue and it's not trivial to fix, unlike windows where it pops up a balloon, you click on it, and it installs drivers. That's my 2p anyway :D

Although it would be nice to know if this is a vulnerability as in someone hacking into your PC from the internet or whether you have to actually execute malicious code, in which case the vulnerability is the user which makes any system vulnerable.

Though people shouldn't level lots of hate against vista - it's probably not worth upgrading if you already have XP, but it is sufficiently superior to definitely recommend it over XP for someone who is building a new system.
GoodBytes 24th November 2008, 16:10 Quote
Oh no Vista has 1 issue found after 2 years and half about. Where XP you have issues at every corner.
proxess 24th November 2008, 17:15 Quote
Quote:
Originally Posted by Dreaming
I agree, but still doesn't outweigh the costs of having to switch to linux for a significant majority of users (including me!). Until linux is reeaaaaaally easy and works as well as windows 'out of the box', I can't see myself switching! Every single time I install (and I use ubuntu - linux for noobs) it goes wrong or there's some driver issue and it's not trivial to fix, unlike windows where it pops up a balloon, you click on it, and it installs drivers. That's my 2p anyway :D

I honestly can't consider pressing next next next every time some piece of hardware is detected or having to keep inserting a CD or downloading software/drivers being "out of the box". Only if you mean "Out of the Installation CD Box". Of course it's trivial, compared to installing some piece of hardware/software on Linux, but more and more is Linux (and specifically Ubuntu) more and more trivial, where you simply plug it in and that's it, or open up synaptic and select and install.
steveo_mcg 24th November 2008, 17:42 Quote
Quote:
Originally Posted by GoodBytes
Oh no Vista has 1 issue found after 2 years and half about. Where XP you have issues at every corner.

Yup first flaw in vista, pretty good :)
http://www.google.co.uk/search?client=firefox-a&rls=org.mozilla%3Aen-GB%3Aofficial&channel=s&hl=en&q=vista+security+flaw&meta=&btnG=Google+Search
wiak 24th November 2008, 22:32 Quote
I agree
Vista had a lot less security issues since release
XP still has security issues since it was released, just check windows update on a XP RTM system and check how many security updates you get :P
it's gonna be many
GoodBytes 24th November 2008, 22:39 Quote
I have a XP pre-SP1 disk...
Takes me a day and half to download all the updates up to SP3, and about 2 GB of bandwidth.

I know my previous comments was a bit exaggerated but compared to XP, it feels this way.
DXR_13KE 24th November 2008, 22:55 Quote
Quote:
Originally Posted by GoodBytes
I have a XP pre-SP1 disk...
Takes me a day and half to download all the updates up to SP3, and about 2 GB of bandwidth.

I know my previous comments was a bit exaggerated but compared to XP, it feels this way.

I feel the same.
ssj12 25th November 2008, 01:58 Quote
I thought M$ stated they were not making a second service pack for Vista....
johnmustrule 25th November 2008, 02:39 Quote
Vista is definitely my favorite OS right now. If you're not an idiot it's not really very hard to keep any computer running top-notch, windows computers always fill up the fastest and that's because they are the largest target for hackers, nothing surprising there.

Advanced Windows care v3
Glary Utilities
ccleaner

Basically those and a decent anti-virus are all you need, best yet they're free.
Cadillac Ferd 25th November 2008, 07:20 Quote
Quote:
Originally Posted by proxess
Seriously... something as bad as this, and only a fix for the next SP? How soon will it come out then?

Honestly I didn't get the impression from the article that it is a huge pressing concern. As stated in the article currently all that the flaw can be proven to do is shut off the computer and it needs admin rights to do that. It doesn't really sound like they need to be tripping over themselves working on a patch.
nukeman8 25th November 2008, 11:59 Quote
If you read all the article it states there's a possibility of injecting code and bypassing admin rights completely, very bad stuff.
PederVM 25th November 2008, 12:57 Quote
If you know how DHCP works, you know that it would be quite hard to exploit this flaw.

To exploit this flaw you have to control the DHCP-server in the machine's local subnet and be able to send a specially crafted DHCP-response, a DHCP-server does not send anything unless a DHCP-client requests it, to a DHCP-request from a DHCP-client (the DHCP-request is sent as a broadcast [1] and not to a specific IP-address, unless the machine is connected to a switch with management and the possibility to set up an IP-helper-address where DHCP-requests get forwarded to).

[1] It's highly unlikely your router is configured to forward broadcasts to outside addresses, including to the internet.

Most ISPs configure the routers so they work as a local DHCP-server, so PCs connected to the same network can reach each other even though the internet connection is down. If your router is configured this way, an intruder would have to take control of the router, modify the firmware on the router and wait for your machine to send a DHCP-request and then try to break the machine.

Most routers don't run software that users can compile or modify themselves, Linksys has a few that run Open Source firmware (I can only remember openwrt.org). So watch out if you are in the habit of upgrading your router with firmware from suspicious websites.
seanblee 25th November 2008, 18:44 Quote
Quote:
It may even be possible for the exploit to run without user interaction, too: while current versions require a user with administrative rights to execute the code, Unterleitner believes that it may be possible to code a specially-crafted DHCP packet that could “take advantage of the exploit without administrative rights.”

So, if I execute a piece of code and give it admin rights, it can reboot my PC. Wow. A batch file containing 'shutdown -r -t 0' would do exactly the same thing, but that doesn't have people shouting 'oh no, Vista, full of security holes, run Linux, it's teh win!!!!1111one'. People are weird.
Gareth Halfacree 25th November 2008, 19:29 Quote
Quote:
Originally Posted by seanblee
So, if I execute a piece of code and give it admin rights, it can reboot my PC. Wow. A batch file containing 'shutdown -r -t 0' would do exactly the same thing, but that doesn't have people shouting 'oh no, Vista, full of security holes, run Linux, it's teh win!!!!1111one'. People are weird.

Except a batch file containing "shutdown -r -t 0" wouldn't overwrite kernel memory with garbage, which is rather more serious than a clean shutdown. Especially if you can control exactly what garbage gets written...
cpemma 25th November 2008, 20:24 Quote
Quote:
Originally Posted by Bauul
Ah bugger Vista, I, and I get the impression a lot of others, are waiting for Windows 7.

And your grounds for believing Windows 7 will be unbreakable? :?