Vigil@nce - Windows: firewall bypassing via NLA
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can deceive the NLA feature of Windows, in order to force
the system to apply a more permissive security policy (firewall rules).
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2,
Microsoft Windows 2012, Windows 7, Windows 8, Windows Vista
Severity: 2/4
Creation date: 13/01/2015
DESCRIPTION OF THE VULNERABILITY
The NLA (Network Location Awareness) feature adapts the computer's
network policy to the network it is connected to.
However, an attacker can spoof DNS and LDAP replies in order to
deceive NLA, so that it detects a domain network (instead of a public
network).
An attacker can therefore deceive the NLA feature of Windows, in order
to force the system to apply a more permissive security policy
(firewall rules).
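To gauge what a wrong "domain" classification would expose on a given
host, the following audit lists the inbound allow rules that apply to
the Domain profile but not to the Public profile. It is an added
example, not part of the Vigil@nce bulletin, and it assumes the
NetSecurity and NetConnection PowerShell modules (Windows 8 / Windows
Server 2012 or later) and the local persistent rule store.

```powershell
# Added example (not from the bulletin): show which inbound rules would
# become effective if NLA classified an untrusted network as a domain network.
# Assumption: NetSecurity/NetConnection modules are available
# (Windows 8 / Server 2012 or later). Only the default (persistent) store
# is read; rules delivered by Group Policy live in other policy stores.

# 1. Current NLA classification of each connected interface.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 2. Enabled inbound "allow" rules.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow

# 3. Keep the rules bound to Domain but not to Public.
#    Profile is a flags value such as "Domain, Private"; "Any" applies to
#    every profile, so it is not part of the difference.
$domainOnly = $rules | Where-Object {
    $p = $_.Profile.ToString()
    ($p -ne 'Any') -and ($p -match 'Domain') -and ($p -notmatch 'Public')
}

# 4. Report each rule with its protocol and local port.
$domainOnly | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Group     = $_.DisplayGroup
        Profile   = $_.Profile
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort -join ','
    }
} | Sort-Object Rule | Format-Table -AutoSize

"{0} inbound allow rule(s) apply to Domain but not to Public" -f @($domainOnly).Count
```

A long list here means the firewall policy depends heavily on NLA
classifying the network correctly.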
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-firewall-bypassing-via-NLA-15955