IPv6-handling flaw found in Windows 7

Summary: Microsoft has confirmed a vulnerability in the way Windows 7 handles some IPv6 traffic, but says it will not fix the flaw until the next version of Windows

Researchers have found a flaw in the way Windows 7 handles IPv6, one of the key protocols underlying the internet, saying attackers could use the vulnerability to crash PCs.

The security firm Barracuda Labs said on Tuesday that someone would have to make a targeted denial-of-service attack to exploit the vulnerability, but exploitation could cause failure in a PC's network connectivity, applications and sound system.

Microsoft has acknowledged and reported the flaw, but has said it will not patch it in a security update, because exploiting the vulnerability requires local network access.

According to Barracuda Labs researcher Thomas Unterleitner, the vulnerability lies in the way Windows 7's remote procedure call (RPC) function handles malformed DHCPv6 requests — DHCP (Dynamic Host Configuration Protocol) being the automatic configuration protocol that lets servers allocate IP addresses to clients at start-up.

DHCPv6 is part of IPv6, the new version of the internet protocol that is being slowly rolled out. 128-bit IPv6 addressing can handle a vastly greater number of connected network devices than 32-bit IPv4, which was introduced in 1981 and is now running out of address space.

Intercept DHCPv6 traffic

"To exploit this vulnerability, an attacker would need to intercept DHCPv6 traffic," Unterleitner wrote. "Once a DHCPv6 request has been intercepted, the corresponding reply would have to be modified to contain the malformed Domain Search List option. On reception of this malformed packet, RPC on the remote machine would fail. Exploiting this vulnerability would cause the RPC service to fail, losing any RPC-based services, as well as the potential loss of some COM functions."
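The check below is an added example, not code from Barracuda Labs, Microsoft or this article: a defensive validator for the Domain Search List option (option code 24, RFC 3646) in a DHCPv6 client/server message, of the kind a network sensor or a client-side parser could apply before trusting a reply. The article does not say how the option was malformed, so the checks are only the general RFC 1035 name-encoding rules, and the sample packets are constructed.

```python
import struct
OPTION_DOMAIN_LIST = 24  # Domain Search List option code (RFC 3646)

def parse_search_list(data):
    """Decode a Domain Search List payload; raise ValueError if malformed."""
    names, i = [], 0
    while i < len(data):
        labels, start = [], i
        while True:
            if i >= len(data):
                raise ValueError("name not terminated by a zero-length label")
            n, i = data[i], i + 1
            if n == 0:
                break
            if n > 63:
                raise ValueError(f"label length byte 0x{n:02x}: compression pointer or over 63")
            if i + n > len(data):
                raise ValueError("label runs past the end of the option")
            labels.append(data[i:i + n].decode("ascii", "replace"))
            i += n
        if i - start > 255:
            raise ValueError("encoded name longer than 255 bytes")
        names.append(".".join(labels))
    return names

def inspect_message(msg):
    """Walk a DHCPv6 client/server message's options; return a list of problems."""
    problems, i = [], 4  # skip msg-type (1 byte) and transaction-id (3 bytes)
    if len(msg) < 4:
        return ["message shorter than the 4-byte header"]
    while i < len(msg):
        if i + 4 > len(msg):
            return problems + ["truncated option header"]
        code, length = struct.unpack_from("!HH", msg, i)
        i += 4
        if i + length > len(msg):
            return problems + [f"option {code}: length {length} exceeds message"]
        if code == OPTION_DOMAIN_LIST:
            try:
                parse_search_list(msg[i:i + length])
            except ValueError as err:
                problems.append(f"option 24: {err}")
        i += length
    return problems

# Constructed samples: Reply header (msg-type 7, arbitrary transaction id) + one option.
def option(code, data):
    return struct.pack("!HH", code, len(data)) + data
GOOD = b"\x07\x12\x34\x56" + option(24, b"\x07example\x03com\x00\x03lab\x07example\x00")
BAD = b"\x07\x12\x34\x56" + option(24, b"\x07example\x10com")
```

A sensor would call `inspect_message` on the UDP payload of traffic to port 546 and alert on any non-empty result; relay-forwarded messages use a different header and are not handled here.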

Unterleitner told ZDNet UK on Wednesday that a successful attack would "crash the RPC service from the Windows operating system, and without this service Windows 'collapses' slowly — no sound, no IP and so on".

Barracuda Labs confirmed the DHCPv6 vulnerability on both 32-bit and 64-bit versions of Windows 7 Ultimate with Service Pack 1, and said it was "very likely" that other versions of Windows 7, and possibly earlier versions of Windows, are also affected.

After the security researchers warned Microsoft of the flaw, the company replied in late July, saying it had replicated the vulnerability. However, Microsoft said that executing a man-in-the-middle attack or establishing a rogue DHCPv6 server to exploit the flaw would require local access, so the flaw would only be fixed in the next version of Windows.

Unterleitner said an incorrectly configured or buggy Linux DHCP server could also trigger similar effects on the client PC, but the method described by Barracuda Labs is the easiest way for a "pinpoint denial-of-service" attack to compromise a client.

ZDNet UK has asked Microsoft for comment on the vulnerability, but had received none at the time of writing.


David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Talkback

1 comment
  • This flaw is a good catch and just goes to re-emphasise the importance of integrating systems carefully when moving to IPv6. It’s long been lamented that IPv6 is not backwards compatible with IPv4 – essentially, they can’t ‘talk’ to each other. This does seem like a glaring – though relatively low-risk – error, particularly since the two networks will need to run in parallel for a number of years. It serves to emphasise the fact that, in the real world, organisations will need to put measures in place to integrate IPv4 and IPv6 networks running in parallel, and take care to correctly secure networks. If integration is not done carefully, more security flaws could be exposed.
    F5 Networks