Bypassing Microsoft Vista's Memory Protection


    Windows Vista security 'rendered useless' by researchers


    This is huge:

    Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

    In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

    By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

    #2
    A good read on the topic, which also points out that this is not as bad as they want you to think:

    http://arstechnica.com/news.ars/post...ty-bypass.html

    *snip*

    Even with the attacks described in the paper, Vista has many worthwhile security improvements compared to XP. Internet Explorer on Vista runs in a highly restricted environment, so that even when it is running malicious code it cannot harm the system. Stories suggesting that Vista's security is now irredeemably broken are far off the mark; the truth is merely that some of its automatic security protection is less effective than it was before.

    What Microsoft will do in response remains to be seen. Some of the specific features of the attacks can be resolved by Microsoft itself: by preventing IE plugins from opting out of the protection schemes, by improving the way that .NET interacts with the protection, and by making Windows default to enabling all the protection schemes. Others can be minimized by third parties: by writing plugins that enable all the security mechanisms, by being more careful with executable memory, and so on. Longer term, a switch to 64-bit programs might allow considerably more randomization to be applied; while making large allocations is enough to fill up a 32-bit program's memory (which allows attackers to defeat randomization), the same is not true of 64-bit processes: they're simply too big.
    Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world? - Harry Chapin
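    The Ars Technica passage above turns on one checkable fact about each browser plugin: whether its PE image opts into DEP and ASLR. Those opt-ins are two bits in the optional header's DllCharacteristics field (IMAGE_DLLCHARACTERISTICS_NX_COMPAT for DEP, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE for ASLR; PE32+ images can additionally set HIGH_ENTROPY_VA, which is the "64-bit gives more randomization" point). The script below is an added example, not code from this thread or from the article it quotes; it parses those bits from any DLL/EXE and flags images that opt out. The `build_test_image` helper constructs a minimal, non-loadable header so the example runs offline; the sample images are constructed, not real plugins.

```python
"""Report whether a PE image (EXE/DLL, e.g. a browser plugin) opts into
DEP and ASLR via its DllCharacteristics flags.

Added example; not code from the forum thread or the Ars Technica article.
Flag values are the documented IMAGE_DLLCHARACTERISTICS_* constants.
"""
import struct
import sys

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit image can use full ASLR entropy
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image may be relocated at load (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # image is DEP-compatible

PE32_MAGIC = 0x10B      # 32-bit optional header
PE32PLUS_MAGIC = 0x20B  # 64-bit optional header


def protection_flags(image: bytes) -> dict:
    """Parse the PE headers and return the image's DEP/ASLR opt-in status."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew at DOS header offset 0x3C points at the "PE\0\0" signature
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff_off = pe_off + 4
    # COFF header is 20 bytes; SizeOfOptionalHeader is the u16 at offset 16
    opt_size = struct.unpack_from("<H", image, coff_off + 16)[0]
    opt_off = coff_off + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", image, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header for both PE32 and PE32+
    dll_chars = struct.unpack_from("<H", image, opt_off + 70)[0]
    is_64bit = magic == PE32PLUS_MAGIC
    return {
        "pe32plus": is_64bit,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # HIGH_ENTROPY_VA only has meaning for 64-bit images
        "high_entropy_va": is_64bit and bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dll_characteristics": dll_chars,
    }


def build_test_image(magic: int, dll_characteristics: int) -> bytes:
    """Construct a minimal, non-loadable PE header for offline testing (constructed data)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after DOS header
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    machine = 0x8664 if magic == PE32PLUS_MAGIC else 0x14C
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (IMAGE_FILE_DLL = 0x2000)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x2000)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def report(image: bytes) -> str:
    """One-line verdict suitable for scanning a plugin directory."""
    f = protection_flags(image)
    missing = [name for name, ok in (("ASLR", f["aslr"]), ("DEP", f["dep"])) if not ok]
    verdict = "ok" if not missing else "OPTS OUT of " + ", ".join(missing)
    kind = "PE32+" if f["pe32plus"] else "PE32"
    return "%s image: ASLR=%s DEP=%s %s" % (kind, f["aslr"], f["dep"], verdict)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real usage: python pe_protections.py plugin1.dll plugin2.dll ...
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, "->", report(fh.read()))
    else:
        # Constructed samples: one image that opted out of both, one that opted in
        legacy = build_test_image(PE32_MAGIC, 0x0000)
        hardened = build_test_image(PE32PLUS_MAGIC, 0x0020 | 0x0040 | 0x0100)
        print(report(legacy))     # PE32 image: ASLR=False DEP=False OPTS OUT of ASLR, DEP
        print(report(hardened))   # PE32+ image: ASLR=True DEP=True ok
```

    Run with no arguments to see the two constructed cases, or pass real DLL paths to audit them. Note that the header bits are a static opt-in: a process-wide policy (such as a browser or OS enforcing DEP regardless of the image) can still apply protection to an image that lacks the flag, which is exactly the kind of default the article says Microsoft could change.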



      #3
      I would think that this is bad

      The pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.



        #4
        Originally posted by mapes
        I would think that this is bad
        Based on their clear and concise methodology? They haven't shown squat so far, other than that IE7 turns off DEP. It's somewhat hard to believe that someone can load chosen content with chosen privileges. Chosen content, I would understand, but not chosen permissions.
        It honestly comes down to third-party plugin exploits: someone has found a buffer overflow 'hole' that allows the attack to commence. It really would be fixed by moving to a 64-bit OS/browser.

        Hehe, IE8 enabled DEP by default