News

Researchers Find Vista Kernel Memory Security Bug

Windows Vista may have a potential buffer-overflow security problem, according to researchers at Innsbruck, Austria-based enterprise security firm Phion.

Windows Vista may have a potential buffer-overflow security problem, according to researchers at Innsbruck, Austria-based enterprise security firm Phion. On Friday, the researchers described an exploit involving the iphlpapi.dll application programming interface.

The researchers passed illegal PrefixLength values to routing tables using the CreateIpForwardEntry2 method. It corrupted Vista's kernel space memory, they explained.

"When adding a route entry to the IPv4 routing table using the method CreateIpForwardEntry2 and passing an illegal value greater than 32 [2] for the destination PrefixLength member in the DestinationPrefix structure contained in the MIB_IPFORWARD_ROW2 structure [3], kernel space memory is being corrupted resulting in random blue screen crashes," wrote Thomas Unterleitner, a member of Phion's research team.

The team had used a program to corrupt Vista's memory. However, they also tried passing illegal values using the "route add" command and got the same results.

The problem affects security at the client level and could enable code injection, according to Unterleitner. However, the exploit requires administrative privileges to carry it out. A spokesperson for the Microsoft Security Response Center said in an e-mailed response that they were unaware of any affects on customers.

"To exploit the vulnerability, the attacker would have to already be a privileged user on the system; either an Administrator or part of the network administrator's group, which limits the impact of this attack to users that already have a high-level of trust on the system," the spokesperson wrote.

Phion first informed Microsoft of the problem on Oct. 22. The company is providing a workaround solution for users of its netfence entegra client security solution. However, Microsoft's spokesperson wrote that the company can't vouch for "third party security updates or mitigations."

The Microsoft spokesperson did not say when the company planned to issue a fix, but Unterleitner told ZDNet UK that "Microsoft will ship a fix for this exploit with the next Vista service pack."

Windows Vista Service Pack 2 Beta was released to private testers in late October, but the final release awaits meeting certain quality improvements, according to Mike Nash, Microsoft's corporate vice president for Windows product management, in an announcement. No date for Vista SP 2 is specified as yet.

The exploit affected Vista Enterprise and Vista Ultimate editions, but it likely affects other Vista versions, Unterleitner wrote. Windows XP is not subject to this buffer-overflow security problem.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.