The 2021 Pwnie Nominee For Most Under-Hyped Research

Windows 7 blind TCP/IP Hijacking

Researcher Names: Adam ‘pi3’ Zabrocki

Link: http://blog.pi3.com.pl/?p=850

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The same type of attack was done by Kevin Mitnick against the computers of Tsutomu Shimomura at the San Diego Supercomputer Center on Christmas Day, 1994.

The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices).

The original bug was reported back in 2012. MSRC acknowledged that the bug exists but claimed that “it is very difficult and very unreliable” to exploit. Therefore, they were not going to address it in the current OSes (at that time). However, they would fix it in the upcoming OS, which was going to be released soon (Windows 8). 9 years later, in 2021, there’s still no patch, and the complete exploit/tool was released. Microsoft acknowledged the bug again but released the statement recommending Windows 10 for anyone who wants protection against the attack.