www.matousec.com has published a new technique for evading OS firewall protections.
The attack is described in http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php and in http://www.securityfocus.com/bid/39924/
The technique is a race condition attack that evades access control checks by substituting system call arguments.
- ZoneAlarm Extreme Security 9.1.507.000 was reported to be vulnerable. However, ZoneAlarm has a protection against this type of attack.
- This protection is "Off" by default. To enable it, proceed as follows:
- Launch the ZoneAlarm Extreme Security GUI.
- Select the "Program Control" menu item.
- Under "Program Control", click "Custom". The "Custom Program Control Settings" popup appears.
- Access the "Program Control" tab, and select "Advanced Control".
- Select "Enable Timing Attack Prevention".
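
The argument-substitution race described above can be shown in miniature. The following is an added example, not code from ZoneAlarm or matousec, and it does not describe how "Timing Attack Prevention" is implemented: all names and paths are hypothetical, and the concurrent writer is simulated by a callback so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>
#define BUF_LEN 64
typedef void (*race_fn)(char *caller_buf);

/* Hypothetical policy: only this constructed path may be opened. */
static int policy_allows(const char *p) { return strcmp(p, "C:\\allowed.txt") == 0; }

/* Stand-in for the real system service; records the path it acted on. */
static char acted_on[BUF_LEN];
static void real_service(const char *p) {
    strncpy(acted_on, p, BUF_LEN - 1);
    acted_on[BUF_LEN - 1] = '\0';
}

/* Models a second thread rewriting the caller-owned buffer (no real threads). */
static void concurrent_writer(char *caller_buf) { strcpy(caller_buf, "C:\\protected.txt"); }

/* Weak pattern: validate caller memory in place, then let the service
 * fetch the same memory a second time. */
static int hook_check_in_place(char *caller_buf, race_fn race) {
    if (!policy_allows(caller_buf)) return 0;   /* time of check */
    if (race) race(caller_buf);                 /* window        */
    real_service(caller_buf);                   /* time of use   */
    return 1;
}

/* Hardened pattern: snapshot once, validate the snapshot, forward the snapshot. */
static int hook_capture_once(char *caller_buf, race_fn race) {
    char snap[BUF_LEN];
    strncpy(snap, caller_buf, BUF_LEN - 1);
    snap[BUF_LEN - 1] = '\0';
    if (!policy_allows(snap)) return 0;
    if (race) race(caller_buf);                 /* caller memory changes, snap does not */
    real_service(snap);
    return 1;
}

/* Returns 1 if the service acted on a path the policy never approved. */
static int bypassed(int (*hook)(char *, race_fn)) {
    char buf[BUF_LEN] = "C:\\allowed.txt";
    acted_on[0] = '\0';
    hook(buf, concurrent_writer);
    return acted_on[0] != '\0' && !policy_allows(acted_on);
}

int main(void) {
    printf("in-place bypassed: %d, capture-once bypassed: %d\n",
           bypassed(hook_check_in_place), bypassed(hook_capture_once));
    return 0;
}
```

The capture-once hook only helps if the snapshot, not the caller's pointer, is what the downstream service consumes.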