Questions Raised About Vista Security at Recent Black Hat Conference


A new technique has reportedly been developed by two security researchers that bypasses all of the memory protection safeguards in Windows Vista. The tactic is expected to have far-reaching implications for Microsoft and the rest of the tech industry.

In a presentation at a Black Hat briefing, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they have found to get around Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections built into Windows Vista, by using Java, ActiveX controls and .NET objects to load arbitrary content into web browsers.

The attacks -- deemed a major breakthrough by researchers -- are not based on any new vulnerabilities in Internet Explorer or Windows Vista, and there is little that Microsoft can do to address the problem because the technique takes advantage of the fundamental architecture built into Vista.

Dowd and Sotirov were able to load whatever content they wanted into a location of their choice on a user's machine by taking advantage of the way browsers, especially Internet Explorer, handle active scripting and .NET objects.

Almost any vulnerability in the browser is exploitable and reusable. ASLR is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process's stack, heap and libraries, and is designed to stop host-based attacks.
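Whether a given module actually participates in ASLR and DEP is declared per image in its PE header: the DYNAMIC_BASE and NX_COMPAT bits of the optional header's DllCharacteristics field. A defender auditing the plug-in and runtime DLLs a browser loads can read those bits directly. The following parser is an added example, not code from the researchers' talk or from Microsoft; `build_minimal_pe` constructs synthetic headers so the audit runs offline without real binaries.

```python
import struct

# DllCharacteristics bits in the PE optional header (fixed by the PE/COFF spec)
DYNAMIC_BASE = 0x0040  # image may be relocated at load time, i.e. supports ASLR
NX_COMPAT = 0x0100     # image is compatible with DEP (no-execute data pages)

def pe_mitigation_flags(data: bytes) -> dict:
    """Return which of ASLR and DEP a PE image opts into, read from its header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_hdr = e_lfanew + 4 + 20          # skip signature and 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if magic not in (0x10B, 0x20B):      # PE32 or PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at +0x46 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt_hdr + 0x46)[0]
    return {"aslr": bool(dll_chars & DYNAMIC_BASE), "dep": bool(dll_chars & NX_COMPAT)}

def modules_missing_mitigations(modules: dict) -> list:
    """Names of modules (name -> image bytes) that lack ASLR or DEP opt-in."""
    return sorted(name for name, image in modules.items()
                  if not all(pe_mitigation_flags(image).values()))

def build_minimal_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed stand-in for a real module: just enough header to be parsed."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE signature
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x2000)   # 0x2000 = IMAGE_FILE_DLL
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 0x46, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Constructed sample set (hypothetical names): one hardened module, two that
    # would respectively give an attacker predictable addresses or executable data.
    sample = {
        "hardened.dll": build_minimal_pe(DYNAMIC_BASE | NX_COMPAT),
        "legacy_plugin.dll": build_minimal_pe(0, pe32plus=True),
        "noaslr_runtime.dll": build_minimal_pe(NX_COMPAT),
    }
    print("modules to review:", modules_missing_mitigations(sample))
```

On a real system, feed the function the bytes of each module listed in the browser process's module list; any module in the returned list undermines the protections for the whole process.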

Microsoft Windows Server 2008, Mac OS X Leopard and Linux are also potentially vulnerable. Microsoft is aware of the research and would like to review it once it is public, but has not yet responded to Dowd's and Sotirov's findings.

In another Black Hat conference presentation, Ben Hawkes explained how to conduct attacks against the Vista heap allocator, a strategy that could enable malicious hackers to compromise Windows Vista systems around the world. He reportedly presented several scenarios in which the Vista heap could be attacked in order to produce a buffer overflow and execute arbitrary code.

Also at the Black Hat conference, researcher Su Yong Kim reportedly demonstrated how developers often install program files or store sensitive data in low-integrity folders in order to simplify updates. These low-integrity folders do not require user consent to access and execute their contents.

It will be interesting to see whether this affects Microsoft's marketing built around the security of Windows Vista, since many of its built-in security features have been rendered useless.
