Windows Vista firewall weakness can be exploited by attackers

The firewall in Microsoft's Windows Vista operating system (OS) can be compromised to perform prohibited functions, according to new research from Symantec.

Microsoft has touted Vista as its most secure platform to date, implementing a plethora of new security features, including an improved firewall.

The software giant’s OS is, by default, configured to block all third-party and unknown network communications, unless the user clicks on the unblock button, said researcher Orlando Padilla of Symantec’s Security Response Team on a company blog.

Padilla said the problem concerns the unblock button, which can be accessed by an attacker with the same privilege level as a standard user. This configuration of privileges creates a vulnerability in the firewall’s policy that can be exploited by an attacker, he said in the post.

"[The firewall] poses a great limitation for malicious code looking to back-door a host. In effect, malicious code can automate the unblock process by simply sending a message to the firewall pop-up dialog box via the SendMessage API call," Padilla said in the web entry.

A Microsoft spokesperson said Tuesday that Vista is not intended as a "silver bullet" security solution, and that the firewall would alert users to such an attack.

"While it might be possible for an application to simulate a user pressing the unblock button, there are other Windows Vista technologies that would require the user to explicitly allow the event – specifically, with a default and best practice installation environment, UAC would prompt the user to provide administrator credentials to complete the unblock function," he said. "This would alert the user to the attempted attack and, in many corporate and home-use scenarios, the standard user would not have the administrator credential required to complete the process."
