06 August 2006

 

Is Vista really so secure?

Symantec recently tested the network stack of Microsoft Vista. This network stack is a complete rewrite of the one in previous versions and has never been run in a real-world networking environment, which leaves room for many undetected defects.
The results of the testing have shown many bugs in many protocols, some of which had been fixed in previous versions of Windows, only to show up again in Vista. These bugs included IP redirection attacks, and the LLTD protocol for creating network maps could be decoded with very basic knowledge of how it actually worked. Microsoft has combined IPv4 and IPv6 support into the same stack, which is the first time this has been done in Windows. This means it has never been tried in a real environment, and the techniques used to protect IPv4 either don't exist or are very young for IPv6, so we don't know how well they work. Several ports that are not commonly used are configured in Vista, and sending data to some of them could cause the computer to either stop responding or crash (this has been resolved). Some past methods of attacking stacks, which all other network stacks have solved, have worked successfully against the Vista stack. The current use of IPv6 also creates methods of gaining a connection to the computer.
I won't list all of the errors which have been found, but the errors found so far hint at a strong possibility that the network stacks have been rewritten and that more errors are probable than just the ones that have so far been found. It also raises questions about whether Vista is really as secure as Microsoft would like us to believe.
Symantec's full report can be found here.
