‘Monday November 24, 2008
Microsoft Not Rushing To Fix Vista Kernel Vulnerability
Categories:

Software Patches, Vulnerabilities, Windows Vista
Tags:

TCP/IP, vista, vulnerabilities, windows xp

A vulnerability in the Windows Vista Kernel hasn’t generated much panic from either researchers or Microsoft several days after its public release.

The vulnerability occurs in adding a route entry to the IPv4 routing table through the CreateIpForwardEntry2 API. It can be exploited through the route command line tool, which is included with Vista. The disclosure claims there are no workarounds. According to this article, Microsoft says that they will fix the bug in the next Vista service pack.

The vulnerability requires that the user be a member of either the Administrator group or the Network Configuration Operators group, and this explains the lack of concern. In Windows XP this would not be much of a barrier for a vulnerability, as so many users run as Administrators, but in Vista this is much less common.

To exploit the vulnerability, the attacker would have to convince the user to execute a malicious program on the PC. This might be as simple as a batch file which ran the route command, or a specially-crafted executable. The vulnerability is a stack overflow in the TCP/IP code, and a successful exploit would give the attacker full control over the PC,

But since the exploit is a buffer overflow, it also has to get past the Vista barriers of DEP and ASLR. As I have discussed recently, these are formidable barriers to invoking an exploit on Vista. The lack of interest in what would be a top-tier vulnerability in XP is yet another sign of how far Vista has gone to block such exploits.’

If the core security system of the OS does not work all it takes is a exploit to see the complete OS fail.

Reports have been in for years that the DAC on windows needs work. Even the new MIC from Microsoft is not up to scratch.