Windows Vista firewall weakness can be corrupted by attackers

Share this article:

The firewall in Microsoft's Windows Vista operating system (OS) can be compromised to perform prohibited functions, according to new research from Symantec.

Microsoft has touted Vista as its most secure platform to date, implementing a plethora of new security features, including an improved firewall.

The software giant’s OS is, by default, configured to block all third-party and unknown network communications, unless the user clicks on the unblock button, said researcher Orlando Padilla of Symantec’s Security Response Team on a company blog.

Padilla said the problem concerns the unblock button, which can be accessed by an attacker with the same privilege level as a standard user. This configuration of privileges creates a vulnerability in the firewall’s policy that can be exploited by an attacker, he said in the post.

"[The firewall] poses a great limitation for malicious code looking to back-door a host. In effect, malicious code can automate the unblock process by simply sending a message to the firewall pop-up dialog box via the SendMessage API call," Padilla said in the web entry.

A Microsoft spokesperson said Tuesday that Vista is not intended as a "silver bullet" security solution, and that the firewall would alert users to such an attack.

"While it might be possible for an application to simulate a user pressing the unblock button there are other Windows Vista technologies that would require the user to explicitly allow the event – specifically, with a default and best practice installation environment, UAC would prompt the user to provide administrator credentials to complete the unblock function," he said. "This would alert the user to the attempted attack and, in many corporate and home-use scenarios, the standard user would not have the administrator credential required to complete the process."

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.