Windows Vista firewall weakness can be exploited by attackers
The firewall in Microsoft's Windows Vista operating system (OS) can be compromised to perform prohibited functions, according to new research from Symantec.
Microsoft has touted Vista as its most secure platform to date, implementing a plethora of new security features, including an improved firewall.
The software giant’s OS is, by default, configured to block all third-party and unknown network communications, unless the user clicks on the unblock button, said researcher Orlando Padilla of Symantec’s Security Response Team on a company blog.
Padilla said the problem concerns the unblock button, which can be accessed by an attacker with the same privilege level as a standard user. This configuration of privileges creates a vulnerability in the firewall’s policy that can be exploited by an attacker, he said in the post.
"[The firewall] poses a great limitation for malicious code looking to back-door a host. In effect, malicious code can automate the unblock process by simply sending a message to the firewall pop-up dialog box via the SendMessage API call," Padilla said in the web entry.
A Microsoft spokesperson said Tuesday that Vista is not intended as a "silver bullet" security solution, and that the firewall would alert users to such an attack.
"While it might be possible for an application to simulate a user pressing the unblock button, there are other Windows Vista technologies that would require the user to explicitly allow the event – specifically, with a default and best practice installation environment, UAC would prompt the user to provide administrator credentials to complete the unblock function," he said. "This would alert the user to the attempted attack and, in many corporate and home-use scenarios, the standard user would not have the administrator credential required to complete the process."