The sky isn't falling: a look at a new Vista security bypass

jmke · 12th August 2008, 10:54

One of the papers presented at the Black Hat USA 2008 security conference was an analysis a number of the protection mechanisms built into Windows Vista and Windows Server 2008 that are designed to make it harder to convert software bugs into security flaws. How to Impress Girls with Browser Memory Protection Bypasses, authored by security researchers Mark Dowd at IBM and Alexander Sotirov at VMware, presented a number of attacks against Vista's various security features in isolation, and then attacks that could disable multiple protections all together. Put together, the result is that Vista's mitigation mechanisms are circumvented, making buggy software exploitable.

The security features being bypassed are all intended to minimize the impact of buffer overflows. Buffer overflows are a particular kind of programming error that occur when a program attempts to store too much data in the buffer allocated for the data. This causes anything following the buffer to be overwritten. Buffer overflows are exploitable when it's possible to insert arbitrary executable code into a process and then make that code run. If an attacker can do this then the attacker has gained the ability to do whatever he likes to the victim's computer.

http://arstechnica.com/news.ars/post...ty-bypass.html

12th August 2008, 10:54	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,021	The sky isn't falling: a look at a new Vista security bypass One of the papers presented at the Black Hat USA 2008 security conference was an analysis a number of the protection mechanisms built into Windows Vista and Windows Server 2008 that are designed to make it harder to convert software bugs into security flaws. How to Impress Girls with Browser Memory Protection Bypasses, authored by security researchers Mark Dowd at IBM and Alexander Sotirov at VMware, presented a number of attacks against Vista's various security features in isolation, and then attacks that could disable multiple protections all together. Put together, the result is that Vista's mitigation mechanisms are circumvented, making buggy software exploitable. The security features being bypassed are all intended to minimize the impact of buffer overflows. Buffer overflows are a particular kind of programming error that occur when a program attempts to store too much data in the buffer allocated for the data. This causes anything following the buffer to be overwritten. Buffer overflows are exploitable when it's possible to insert arbitrary executable code into a process and then make that code run. If an attacker can do this then the attacker has gained the ability to do whatever he likes to the victim's computer. http://arstechnica.com/news.ars/post...ty-bypass.html __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Microsoft Security Bulletin Summary for August 2007	jmke	WebNews	0	14th August 2007 22:21
Microsoft admits Vista security won't change much	jmke	WebNews	0	24th April 2007 09:52
Microsoft allows bypass of Vista activation	jmke	WebNews	3	20th March 2007 11:27
Vista Security — Too Little Too Late	jmke	WebNews	7	23rd February 2007 14:40
Vista DRM Cracked by Security Researcher	jmke	WebNews	0	30th January 2007 10:49
More Headaches from Vista Security	jmke	WebNews	3	11th May 2006 11:07