Friday, November 28, 2008

Security flaw in Vista discovered

A potentially serious flaw has been discovered in the Windows Vista networking subsystem, but a patch isn't likely until the next service pack.

According to CNet, the vulnerability – discovered by Thomas Unterleitner of security firm Phion last Friday – can cause a buffer overflow condition in the iphlpapi.dll API for the network IO subsystem of Vista. While the issue has only been proven to corrupt kernel memory and cause a system crash, the possibility exists that a specially crafted exploit could run code provided by an attacker.

Unterleitner confirms the possibility of remote code execution, saying that while the exploit for the vulnerability currently "can be used to turn off the computer using a DoS attack," it could be modified to "inject code, hence compromising client security."

It may even be possible for the exploit to run without user interaction: while current versions require a user with administrative rights to execute the code, Unterleitner believes that it may be possible to construct a specially crafted DHCP packet that could "take advantage of the exploit without administrative rights."

According to the original flaw disclosure, Windows Vista Ultimate and Windows Vista Enterprise are both confirmed vulnerable, and it's more than likely that all versions of Vista suffer the same flaw – including both 32- and 64-bit releases of each. Windows XP and earlier versions of Windows are not affected by this issue.

Although Unterleitner has claimed that "Microsoft will ship a fix for this exploit with the next Vista service pack," the company has kept mum on details regarding this flaw save for a statement saying that it is "currently unaware of any attacks trying to use the vulnerability or of customer impact."

Is this latest security alarm enough to have you reconsidering your choice of OS, or is Unterleitner over-egging the severity of this flaw? Share your thoughts over in the forums.
