Windows Vista firewall weakness can be corrupted by attackers

The firewall in Microsoft's Windows Vista operating system (OS) can be compromised to perform prohibited functions, according to new research from Symantec.

Microsoft has touted Vista as its most secure platform to date, implementing a plethora of new security features, including an improved firewall.

The software giant’s OS is, by default, configured to block all third-party and unknown network communications, unless the user clicks on the unblock button, said researcher Orlando Padilla of Symantec’s Security Response Team on a company blog.

Padilla said the problem concerns the unblock button, which can be accessed by an attacker with the same privilege level as a standard user. This configuration of privileges creates a vulnerability in the firewall’s policy that can be exploited by an attacker, he said in the post.

"[The firewall] poses a great limitation for malicious code looking to back-door a host. In effect, malicious code can automate the unblock process by simply sending a message to the firewall pop-up dialog box via the SendMessage API call," Padilla said in the web entry.

A Microsoft spokesperson said Tuesday that Vista is not intended as a "silver bullet" security solution, and that the firewall would alert users to such an attack.

"While it might be possible for an application to simulate a user pressing the unblock button, there are other Windows Vista technologies that would require the user to explicitly allow the event – specifically, with a default and best practice installation environment, UAC would prompt the user to provide administrator credentials to complete the unblock function," he said. "This would alert the user to the attempted attack and, in many corporate and home-use scenarios, the standard user would not have the administrator credential required to complete the process."
