
Sunriser13
Premium Member
join:2001-12-16
Umm... here?

Sunriser13 to gwion


Re: Kerio potential vulnerability ... app masquerade

Also posted in the Kerio/Tiny Forum...

HEY, Y'ALL!! Download link on Kerio site has now been updated...

Product - download

Current version: 2.1.1
Release date: March 13, 2002

Let the games begin...
Sunriser13

Sunriser13 to gwion

Hey, guys and gals, although the link gwion posted earlier worked for me, this appears to be the one now...at least this is what's on the site.

»download.kerio.com/dwn/kpf2-en

Install program name changed to "kpf2-en" for some reason...

EDIT---Oops, my bad, leads to the same program--SORRY!!

gwion
wild colonial boy

join:2000-12-28
Pittsburgh, PA


Well, the new release is official, and the file PERSFW.exe is now locked while the firewall is running. I haven't finished all of my testing, but my initial observation is that there may be some lingering MD5 issues, but that the latest release, 2.1.1, available now, addresses the most substantial issue, making it impossible to replace the file while it's loaded.

During discussion, a flaw in my reporting was brought to my attention. I always password-protect my firewall. An excellent example of "why" appears in Murray's excellent write-up of a first trial on his new install... Yes, if the firewall can be stopped and the file replaced, there can be a very serious problem. With authentication enabled, though, the firewall can't be unloaded without the passphrase. A script couldn't contemplate this. Even a trivial password could be the difference between a successful and an unsuccessful exploit.

Now, most of the rest of my observations would apply to any software firewall running locally. This doesn't address the underlying security model of the OS, because it can't. It doesn't prevent a really sophisticated attack from working, either. There are always things we haven't thought of, yet... but, for the moment, we're a heck of a lot better off than yesterday. Thanks to Kerio and their developers for a quick response. Even if we don't have perfection (an unattainable goal), all we can ask is proactive development, and timely, responsible patch releases in the interim. More info will be provided as it becomes available, of course. For now, I think it good advice to update any existing pre-2.1.1 releases promptly, and consider using at the very least a trivial password, to make stopping your firewall engine by script at least a little more difficult... whatever firewall you use...

Oh, and a PS... I don't know what to tell Tiny 2.0.15 users... it seems to still have an outstanding issue like this that's even broader and more exploitable than the earlier Kerio releases... either downgrade, I suppose, to 2.0.14, which didn't have the issue, or use Kerio 2.1.1, at least until Tiny provides some guidance as to where the firewall is going in development...

Now, I have a few things to sort out with my own firewall install. Thanks for the input, and I'll see you soon as I grab a bite and get the feel of the new release...
DaveHowe
join:2002-03-14
uk


Member

"Oh, and a PS... I don't know what to tell Tiny 2.0.15 users... it seems to still have an outstanding issue like this that's even broader and more exploitable than the earlier Kerio releases... either downgrade, I suppose, to 2.0.14, which didn't have the issue, or use Kerio 2.1.1, at least until Tiny provides some guidance as to where the firewall is going in development..."

Well, KPF 2.x *is* the next release of TPF. Tiny are having to rewrite their firewall from scratch, after what appears to have been a falling out between the author of the firewall and themselves.