Bypassing Microsoft Vista's Memory Protection

    Windows Vista security 'rendered useless' by researchers


    This is huge:

    Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

    In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

    By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

    #2
    A good read on the topic, which also points out that this is not as bad as they want you to think:

    http://arstechnica.com/news.ars/post...ty-bypass.html

    *snip*

    Even with the attacks described in the paper, Vista has many worthwhile security improvements compared to XP. Internet Explorer on Vista runs in a highly restricted environment, so that even when it is running malicious code it cannot harm the system. Stories suggesting that Vista's security is now irredeemably broken are far off the mark; the truth is merely that some of its automatic security protection is less effective than it was before.

    What Microsoft will do in response remains to be seen. Some of the specific features of the attacks can be resolved by Microsoft itself - preventing IE plugins from opting out of the protection schemes, by improving the way that .NET interacts with the protection, and by making Windows default to enabling all the protection schemes - and others can be minimized by third parties - by writing plugins that enable with all the security mechanisms, by being more careful with executable memory, and so on. Longer term, a switch to 64-bit programs might allow considerably more randomization to be applied; while making large allocations is enough to fill up a 32-bit program's memory (which allows attackers to defeat randomization) the same is not true of 64-bit processes - they're simply too big.
    Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world ? - Harry Chapin
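Added example, not part of the original posts or the quoted article: a defender-side check for the plugin opt-in problem the article describes. It reads the `DllCharacteristics` field of a PE optional header and reports whether a module opts in to ASLR and DEP; the sample images and plugin file names are constructed for illustration.

```python
import struct

# Real PE constants (IMAGE_DLLCHARACTERISTICS_* and optional-header magics).
DYNAMIC_BASE = 0x0040    # module opts in to ASLR
NX_COMPAT = 0x0100       # module opts in to DEP
PE32, PE32_PLUS = 0x10B, 0x20B

def mitigation_flags(image: bytes) -> dict:
    """Report ASLR/DEP opt-in from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt = pe_off + 24            # 4-byte signature + 20-byte COFF header
    if len(image) < opt + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    return {"is_64bit": magic == PE32_PLUS,
            "aslr": bool(chars & DYNAMIC_BASE),
            "dep": bool(chars & NX_COMPAT)}

def make_sample(magic: int, dll_chars: int) -> bytes:
    """Constructed minimal header holding only the fields the parser reads."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)

def audit(modules: dict) -> list:
    """Names of modules that opt out of ASLR or DEP."""
    weak = []
    for name, image in sorted(modules.items()):
        flags = mitigation_flags(image)
        if not (flags["aslr"] and flags["dep"]):
            weak.append(name)
    return weak

# Constructed inventory: hypothetical plugin names, not real products.
SAMPLES = {"legacy_plugin.dll": make_sample(PE32, 0x0000),
           "hardened_plugin.dll": make_sample(PE32_PLUS, DYNAMIC_BASE | NX_COMPAT)}

if __name__ == "__main__":
    print("modules opting out of ASLR or DEP:", audit(SAMPLES))
```
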


      #3
      I would think that this is bad

      The pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.


        #4
        Originally posted by mapes
        I would think that this is bad
        Based on their clear and concise methodology? They haven't shown squat so far, other than IE7 turns off DEP. It's somewhat hard to believe that someone can load chosen content with chosen privileges. Chosen content, I would understand, but not chosen permissions.
        It honestly comes down to third party plugin exploits that someone has found a buffer overflow 'hole' that allow the attack to commence. It really would be fixed by moving to a 64 bit OS/browser.

        Hehe, IE8 enabled DEP by default
        Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world ? - Harry Chapin
