Windows Vista firewall weakness can be corrupted by attackers

The firewall in Microsoft's Windows Vista operating system (OS) can be compromised to perform prohibited functions, according to new research from Symantec.

Microsoft has touted Vista as its most secure platform to date, implementing a plethora of new security features, including an improved firewall.

The software giant’s OS is, by default, configured to block all third-party and unknown network communications, unless the user clicks on the unblock button, said researcher Orlando Padilla of Symantec’s Security Response Team on a company blog.

Padilla said the problem concerns the unblock button, which can be accessed by an attacker with the same privilege level as a standard user. This configuration of privileges creates a vulnerability in the firewall’s policy that can be exploited by an attacker, he said in the post.

"[The firewall] poses a great limitation for malicious code looking to back-door a host. In effect, malicious code can automate the unblock process by simply sending a message to the firewall pop-up dialog box via the SendMessage API call," Padilla said in the web entry.

A Microsoft spokesperson said Tuesday that Vista is not intended as a "silver bullet" security solution, and that the firewall would alert users to such an attack.

"While it might be possible for an application to simulate a user pressing the unblock button, there are other Windows Vista technologies that would require the user to explicitly allow the event – specifically, with a default and best practice installation environment, UAC would prompt the user to provide administrator credentials to complete the unblock function," he said. "This would alert the user to the attempted attack and, in many corporate and home-use scenarios, the standard user would not have the administrator credential required to complete the process."
