Researchers at Barracuda Labs have uncovered a flaw in the way Windows 7 handles IPv6. According to an advisory, this vulnerability could be exploited through a targeted denial-of-services attack to impede functions like networking and application execution.
The Windows 7 IPv6 vulnerability arises from the way Windows’ remote procedure call (RPC) service handles malformed DHCPv6 requests. Dynamic host configuration protocol (DHCP) version 6 is part of IPv6. This protocol is used by servers to automatically assign IP addresses to client machines on an IPv6 network.
An attacker needs to intercept local DHCPv6 traffic to exploit this vulnerability. After interception of a DHCPv6 request, the reply can be modified to contain a malformed request. Such an event causes failure of the RPC service on the target Windows 7 machine.
This failure has been reported on reception of DHCPv6 Reply (message type 7) packets, which contains the option “Domain Search List” (option type 24), leaving the domain empty. Disruption of the RPC service can cause dependent services to fail, in addition to potentially causing the loss of certain COM services as well. According to the researchers, failing RPC calls may interfere with network connectivity, applications using COM/DCOM interfaces, and system sound.
According to the Barracuda Labs security blog, this issue has been verified in the 32-bit and the 64-bit versions of Windows 7 Ultimate, using sample DHCPv6. The research team believes it’s likely that this issue also affects other versions of Windows 7 and earlier versions.
Microsoft has reportedly acknowledged the flaw, after replicating the vulnerability. Since exploitation of this vulnerability requires local network access, Microsoft does not intend to release a security patch for the flaw. The vendor intends to fix this issue in the next iteration of the Windows operating system. Complete technical details of this vulnerability can be found in this advisory.