Feels a bit like ‘Whack-a-Mole’, but Windows security has always been that way. We knew a patch was coming for the hyped ‘animated cursor’ vulnerability. Along with it came fixes for two other issues as well. Now that we’re all patched up, Virus.org today pointed out that Symantec is warning of another seven vulnerabilities (nine in actuality) in Vista’s network services.
The information was released by Symantec after research into Vista’s new networking services. A paper was released titled ‘Windows Vista Network Attack Surface Analysis’ that details the findings. The vulnerabilities range from Denial of Service to the ability to elevate privileges. Since no exploits are currently available, updates are probably not imminent, but there is no doubt Microsoft is working on creating patches for these, and after careful testing will release them as updates. If an exploit is found and made public, you can bet that the patch will quickly follow, as we saw with the ‘animated cursor’ patch.
The Common Vulnerabilities and Exposures site (CVE) contains a brief description of each of the seven vulnerabilities Symantec described:
- CVE-2007-1527 “Spoof and Management URL IP Redirect”
  - “The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the “Spoof and Management URL IP Redirect” attack.”
- CVE-2007-1528 “Spoof on Bridge”
  - “The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the “Spoof on Bridge” attack.”
- CVE-2007-1529 “Total Spoof”
  - “The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the “Total Spoof” attack.”
- CVE-2007-1530
  - “The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.”
- CVE-2007-1531
  - “Microsoft Windows Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.”
- CVE-2007-1532
  - “The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.”
- CVE-2007-1533
  - “The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.”
- CVE-2007-1534
  - “DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port.”
- CVE-2007-1535
  - “Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.”
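The two checks that the CVE-2007-1527 and CVE-2007-1528 descriptions say the LLTD Mapper lacks can be written down as a small validator. This is an added example, not code from Symantec's paper or from Microsoft; the function names are hypothetical, the sample bytes and addresses are constructed, and the TLV layout (one type byte, one length byte, the value, and a `0x00` end marker) is an assumption made for the sketch.

```python
import ipaddress

TLV_END = 0x00    # assumed end-of-properties marker (no length byte)
TLV_IPV4 = 0x07   # TLV type named in the CVE-2007-1527 description


def parse_tlvs(data: bytes):
    """Yield (type, value) pairs; raise ValueError on truncated input."""
    i = 0
    while i < len(data):
        tlv_type = data[i]
        if tlv_type == TLV_END:
            return
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        yield tlv_type, value
        i += 2 + length


def check_hello(frame_src_mac, real_src_mac, tlv_bytes, local_net):
    """Return findings for one HELLO; an empty list means it passed."""
    findings = []
    net = ipaddress.ip_network(local_net)
    # CVE-2007-1528: sender MAC differs from the Real Source field.
    if frame_src_mac.lower() != real_src_mac.lower():
        findings.append("real-source-mac-mismatch")
    try:
        for tlv_type, value in parse_tlvs(tlv_bytes):
            if tlv_type != TLV_IPV4:
                continue
            # CVE-2007-1527: advertised IPv4 must belong to the local network.
            if len(value) != 4:
                findings.append("bad-ipv4-tlv-length")
            elif ipaddress.IPv4Address(value) not in net:
                findings.append("ipv4-tlv-off-link")
    except ValueError:
        findings.append("malformed-tlv")
    return findings


# Constructed samples: an on-link address and an off-link (documentation range) one.
GOOD_TLVS = bytes([0x07, 4, 192, 168, 1, 20, 0x00])
SPOOFED_TLVS = bytes([0x07, 4, 203, 0, 113, 9, 0x00])
```

A MAC mismatch may have a legitimate cause on some networks, so that finding is better treated as a prompt for review than as proof of spoofing.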
A search of the CVE site reveals a total of 22 Vista-related vulnerabilities, which include the nine mentioned above, as well as the hyped ‘Speech Recognition’ vulnerability that can allow a well-crafted sound file on a web page to delete files from your computer. Some of these will undoubtedly be fixed, others likely never will. What it does point out, of course, is that Vista is not perfect when it comes to security. Then again, Microsoft never claimed it was, so enough of the Vista trash talk every time a vulnerability is discovered. Vista is more secure than other versions of Windows. Nothing more, nothing less.
