| Thread Tools |
8th August 2008, 15:58 | #1 |
Madshrimp Join Date: May 2002 Location: 7090/Belgium
Posts: 79,021
| Vista's Security Rendered Completely Useless by New Exploit Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user's machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System. While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over." http://www.neowin.net/news/main/08/0...by-new-exploit
__________________ |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Microsoft Security Bulletin Summary for September 2008 | jmke | WebNews | 0 | 9th September 2008 19:20 |
Swiftshader: 3DMark, Crysis und Call of Duty 4 completely rendered by the CPU | jmke | WebNews | 0 | 6th April 2008 20:31 |
Microsoft Security Bulletin Summary for August 2007 | jmke | WebNews | 0 | 14th August 2007 22:21 |
Sony claims that PCs will be rendered useless by the PS3 | jmke | WebNews | 3 | 3rd June 2006 12:14 |
NVIDIA and AMD Deliver Improved Security to Protect the PC Desktop | Sidney | WebNews | 0 | 3rd June 2004 04:46 |
HP and Microsoft Expand Security Solutions Portfolio | Sidney | WebNews | 0 | 25th May 2004 06:28 |
AMD AND microsoft to provide customers new security technology | jmke | WebNews | 0 | 29th February 2004 13:22 |
Thread Tools | |
| |