Kernel vulnerability found in Vista

I guess it's not as secure as everyone thought.

A flaw in Vista's networking has been found that can crash the system, but no fix is expected until the next service pack

A flaw has been found in Windows Vista that could allow rootkits to be hidden or denial-of-service attacks to be executed on computers using the operating system.

The vulnerability was found by Thomas Unterleitner of Austrian security company Phion and was announced Friday. Unterleitner told ZDNet UK on Friday that Phion told Microsoft about the flaw in October but that he understood a fix would only be issued in the next Vista service pack.

According to Unterleitner's disclosure of the flaw, the issue lies in the network input/output subsystem of Vista. Certain requests sent to the iphlpapi.dll API can cause a buffer overflow that corrupts the Vista kernel memory, resulting in a blue-screen-of-death crash.

"This buffer overflow could (also) be exploited to inject code, hence compromising client security," Unterleitner said.

Unterleitner told ZDNet UK via e-mail that the "exploit can be used to turn off the computer using a (denial-of-service) attack." He also suggested that, because the exploit occurs in the Netio.sys component of Vista, it may make it possible to hide rootkits.

Using a sample program, Unterleitner and his colleagues ascertained that Vista Enterprise and Vista Ultimate were definitely affected by the flaw, with other versions of Microsoft's operating system "very likely" to be affected as well. Both 32-bit and 64-bit versions are vulnerable. Windows XP is not affected.

Asked about the severity of the flaw, Unterleitner pointed out that administrative rights were needed to execute a program calling the function that would cause the buffer overflow. However, he also said it was possible--but not yet confirmed--that someone could use a malformed DHCP packet to "take advantage of the exploit without administrative rights."

"We have worked together with Microsoft Security Response Center in Redmond since October 2008 to locate, classify and fix this bug," Unterleitner wrote. "Microsoft will ship a fix for this exploit with the next Vista service pack."

Microsoft told ZDNet UK on Friday that it had investigated the issue, but was "currently unaware of any attacks trying to use the vulnerability or of customer impact." It could not, however, confirm the inclusion of a fix for the problem in the next as-yet-unreleased service pack for Vista, nor give the release date for that service pack.

http://news.cnet.com/8301-1009_3-10106173-83.html?part=rss&subj=news&tag=2547-1_3-0-20

 

...long live xp? seriously really sad..

 

what are you talking about, Vista is perfect. When SP2 comes out it won't be an issue. MS is going to make another commercial about it when SP2 comes out for vista..

MS: See we told you vista doesn't have any issues with the network input/output subsystem. See.. Look...

The Mojave experience is funny like that. It's there to show people how stupid they are and that MS can never be wrong. haha.

 

I guess XP is the perfect operating system. After all, it never had any security flaws, was never susceptible to buffer overruns, and never had a bevy of white hats looking for flaws that could be exploited.

 

Here's just another opportunity for the people who bash Vista to continue to do it. It's pathetic.

 

Ever heard of the perfect operating system?
Guess what - it never existed

Any operating system has its flaws - and microsoft is willing to admit them, that's the key part.
Also: It took quite a while to find that flaw, didn't it?
SP2 is something to look forward to then.

 

How does Vista get knocked over this, lol? OMG we found a security flaw in Vista, FINALLY yessssssssssssss!!!!

This security flaw is so conditional... the victim would likely have to have UAC turned off, not be using the simplest antivirus program (which normally contain anti-rootkit), and/or would have to accept a malformed DHCP packet which would likely be associated to an IP, MAC address, and location making it easily traceable.

But really, I don't know what I would do if someone made my computer shut down... [glances at power button]

I don't think anyone really expected Vista or any operating system to be hole-free... so I'm going to have to disagree and say that Vista is exactly as secure as I thought and probably as secure as any other intelligent Vista user thought. But that's just my opinion.

 

I am surprised as to the amount of information released about this flaw. Usually the parent company will pay out and request anonymity until after a fix is released. This guy has just further opened a can of issues for those who would tackle this as a project. Of course, they have the ability to do it before, but everyone needs a start. Would have been nice to just touch on the issue and say more to come after a fix...bah. I agree with Jakamo5, nothing is perfect and making Vista look like that bad guy to the uneducated public is not right. I like Vista just as much as XP and OSX...all have their strengths and weaknesses.

 

Couldn''t software such as Comodo Memory Guardian and Firewall with HIPS prevent the problem?

 

Speaking about UAC - it even blocks CCLener, so quite a few people turn it off - its only annoying.

But it is true that you should use an antivirus that monitors data exchanges...

 

Personally, this is a non-event.

This security flaw needs so many things done to the PC before it can be exploited that it would be simpler to just run a trojen than set the PC up for this attack....

 

This is a good news actually... It makes a product much better day by day.
Thanks for the news.

 

Why bother fixing it in _Vista when Win7 will be out shortly?

 

Exactly, nothings ever perfect right?

 

Except Linux (I kid, I kid...)

 

Might as well, since Windows 7 is just Vista SP3, right?