Device Drivers Shipping With Windows Leak Data
Several third-party device drivers that ship with Windows Server 2003 contain a vulnerability that causes them to leak potentially sensitive data during TCP transmissions. The flaw does not affect any Microsoft Corp. drivers; it has only been found in drivers provided by outside vendors. The vulnerability is quite similar to a class of flaws first described in a paper published by @stake Inc. in January. The problem occurs when messages transmitted between two machines are padded with arbitrary data in order to bring their byte size in line with the accepted standard. The @stake paper described the problem as occurring in Ethernet frames in ICMP messages. But researchers at Next Generation Security Software Ltd. recently discovered that the issue also is present in some TCP transmissions from device drivers.
The problem is that when Ethernet frames don't meet the minimum size requirement specified by the standard, the device drivers pad the frames with data pulled from previously used buffers without first cleaning that section of memory. This means that whatever information was in that buffer is then sent as part of the new transmission. The NGSS researchers observed the behavior most frequently during the closure of a TCP connection when the FIN and ACK packets are exchanged. Among the data the researchers were able to observe were e-mail passwords.
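A check for the padding behavior described above, as an added example that is not from the article, NGSS or @stake: it isolates the bytes that follow the IPv4 datagram in a short Ethernet frame and flags them when they are not zero. It assumes untagged IPv4 frames captured without the 4-byte FCS; the function names and both sample frames are constructed for illustration.

```python
import struct

ETH_HDR_LEN = 14         # dst MAC + src MAC + EtherType
ETH_MIN_NO_FCS = 60      # minimum Ethernet frame size, FCS excluded
ETHERTYPE_IPV4 = 0x0800


def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside the frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only untagged IPv4 frames are handled")
    # The IPv4 total-length field marks where real data ends.
    (ip_total_len,) = struct.unpack_from("!H", frame, ETH_HDR_LEN + 2)
    end = ETH_HDR_LEN + ip_total_len
    if ip_total_len < 20 or end > len(frame):
        raise ValueError("IPv4 total length inconsistent with frame size")
    return frame[end:]


def leaked_padding(frame: bytes) -> bytes:
    """Return the padding if any byte is non-zero, else b''."""
    pad = frame_padding(frame)
    return pad if any(pad) else b""


def build_fin_ack(pad: bytes) -> bytes:
    """Constructed sample: 54-byte Ethernet/IPv4/TCP FIN+ACK plus padding.
    Checksums are left at zero because this check does not validate them."""
    eth = bytes.fromhex("020000000002" "020000000001")
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 110, 1000, 2000,
                      0x50, 0x11, 8192, 0, 0)   # flags 0x11 = FIN + ACK
    return eth + ip + tcp + pad


# Constructed frames: one padded with zeros, one padded with stale buffer bytes.
CLEAN = build_fin_ack(bytes(ETH_MIN_NO_FCS - 54))
LEAKY = build_fin_ack(b"s3cr3t")

if __name__ == "__main__":
    for name, frame in (("clean", CLEAN), ("leaky", LEAKY)):
        print(name, len(frame), leaked_padding(frame) or "zero padding")
```

Run the check on frames captured at the receiving host or on a network tap; a capture taken on the sending host is usually recorded before the driver pads the frame.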