Windows 7 Remain Vulnerable to Blind TCP/IP Hijacking Attacks

 

Adam Zabrocki, a security researcher warned window operating system users regarding the susceptibilities of Windows 7 to blind TCP/IP hijacking attacks. Adam Zabrocki reported the vulnerability to Microsoft reported eight years ago.

Windows 7 was launched in the year 2009 and reached its end of life a year ago – which can be seen in users no longer receiving security updates. In 2008, Adam Zabrocki created a proof of concept of this venerable attack methodology with Windows XP as the target point. In 2012, a security researcher notified Microsoft regarding the same TCP/IP vulnerabilities that made the attack feasible in Windows 7 and all the subsequent versions. 

Microsoft only patched the bug in Windows 8 and considered the bug “very difficult” to be exploited. Nearly one in four PCs is still running on the old operating system and are potentially susceptible to form of cyber-attack. In 1994, Kevin Mitnick orchestrated the most infamous blind TCP/IP hijacking strike against the computer systems of Tsutomu Shimomura at the San Diego Supercomputer Centre on Christmas day. 

The impact of TCP/IP hijacking attacks is not as fatal as it was some years ago. If the threat actor can hijack any TCP/IP session which is established but the upper-layer structure properly executes encryption then the options of a threat actor are limited in terms of what they can do with it; with the assumption that the cyber attacker does not have the capability of generating encrypted messages.

However, one thing that persists is “widely deployed protocols which do not encrypt the traffic, e.g, FTP, SMTP, HTTP, DNS, IMAP, and more” that would allow a threat actor to “send any commands on behalf of the original client”, Zabrocki explained.

Packets containing IP header were sent to the victim’s user by Zabrocki to discover how many packets were sent to link each probe. This laid the path to a ‘covert channel’ via which Zabrocki could uncover the user IP and port, and sequence numbers for both users and server.