Vista's Security Rendered Completely Useless by New Exploit [Merged Threads]

Posted by Jason Kelley

This week at the Black Hat Security Conference, two security researchers will discuss their findings, which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the operating system.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”

I don’t know what to think about this… ???

I do, returning to XP 88)

Xan

Don’t care about this. No .NET, Internet Explorer or ActiveX on my Vista :slight_smile:

Why Do Business Professionals Always Get the Credit (:AGY)

This Method Is Practically Known Throughout The Internet. Just have to look,

Friend Jordan actually told me about this method a while back…

CG

More info:
http://taossa.com/archive/bh08sotirovdowd.pdf
Code:
http://taossa.com/archive/bh08sotirovdowdcode.zip

Yes, but you use Opera like me, and even it uses JavaScript :-X

Yes, that might be a problem. Well I’ll bet on my luck ;D

“The genius of this is that it’s completely reusable… That’s completely game over.”
Dino Dai Zovi, security researcher

LAS VEGAS -- Two security researchers have developed new techniques that bypass the memory protection safeguards in the Windows Vista operating system through the use of browser exploits.

In a presentation at the Black Hat briefings, Mark Dowd and Alexander Sotirov demonstrated the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista’s fundamental architecture and the ways in which Microsoft chose to protect it.


Full article: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html
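Both the opening post and the SearchSecurity excerpt above make the same point: the bypass does not need a new bug, it needs a module that the browser will load without the protections Vista applies to the rest of the process. Whether a given DLL opts into ASLR (the DYNAMIC_BASE flag) and DEP (the NX_COMPAT flag), and whether it maps any section that is both writable and executable, is recorded in its PE header and can be checked before the module is ever trusted in a browser. The following is an added example, not code from the paper, the article or either researcher: it parses those flags from a PE image with only the standard library, and the `build_pe` helper constructs two minimal PE32 headers inline (a legacy-style module and a hardened one) so it runs offline. The flag values are the PE/COFF specification's; `build_pe`, `inspect_pe`, `weaknesses` and the sample images are assumptions made for this example.

```python
"""Check a PE image for ASLR/DEP opt-in flags and writable+executable sections.

Added example (not from the paper or the article). Parses the COFF header,
optional header and section table with the standard library only.
"""
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # module opts into ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # module declares DEP/NX compatibility

# IMAGE_SECTION_HEADER.Characteristics bits (PE/COFF specification)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # 40 bytes per section header


def inspect_pe(data: bytes) -> dict:
    """Return image base, ASLR/DEP opt-in flags and the names of RWX sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _fchars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]

    rwx = []
    sec = opt + opt_size  # section table follows the optional header
    for _ in range(nsections):
        name, *_rest, chars = struct.unpack_from(SECTION_HEADER_FMT, data, sec)
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            rwx.append(name.rstrip(b"\0").decode("ascii", "replace"))
        sec += struct.calcsize(SECTION_HEADER_FMT)

    return {
        "image_base": image_base,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "rwx_sections": rwx,
    }


def weaknesses(info: dict) -> list:
    """Describe why an attacker would like to see this module in the browser process."""
    out = []
    if not info["aslr"]:
        out.append(f"no DYNAMIC_BASE: loads at predictable base 0x{info['image_base']:x}")
    if not info["nx_compat"]:
        out.append("no NX_COMPAT: module does not declare DEP compatibility")
    for name in info["rwx_sections"]:
        out.append(f"section {name} is writable and executable")
    return out


def build_pe(dll_characteristics: int, sections, image_base: int = 0x10000000) -> bytes:
    """Construct a minimal PE32 header in memory (constructed test input, not a real DLL)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(96)  # optional header without data directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x2102)
    table = b"".join(
        struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400, 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples: a module built with neither flag and an RWX .text,
# beside one built with both flags and conventional section permissions.
LEGACY_DLL = build_pe(0, [
    (b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
HARDENED_DLL = build_pe(
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, [
        (b".text", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ])

if __name__ == "__main__":
    for label, image in (("legacy", LEGACY_DLL), ("hardened", HARDENED_DLL)):
        print(label, weaknesses(inspect_pe(image)) or ["no findings"])
```

To run it against a real module, replace the constructed bytes with `open(path, "rb").read()`; a module that reports no findings can still be abused through other means, so an empty list is a baseline check, not a guarantee.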

Presumably Windows Seven and Server 2008 will be similarly useless.

No - they’ll be OK. Microsoft would never bring out a new OS with bloated, insecure, legacy code, would it?

I stand corrected. (:WIN)