SearchSecurity.com

LAS VEGAS — Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine.

Cripes!

Found by ECA on Cage Match.
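The article says the technique gets around ASLR and DEP. On Windows, whether a module opts in to those two mitigations is recorded in the DllCharacteristics field of its PE optional header (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE for ASLR, IMAGE_DLLCHARACTERISTICS_NX_COMPAT for DEP), so one check a defender can run on a browser plugin or .NET assembly is to read that field. The parser below is an added example, not code from the article or the researchers; the header it inspects is a minimal one constructed in memory, not a real binary.

```python
import struct

# Flag bits from the PE optional header's DllCharacteristics field.
DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image may be relocated (ASLR opt-in)
NX_COMPAT = 0x0100     # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: image is DEP-compatible

def pe_mitigations(image: bytes) -> dict:
    """Report whether a PE image opts into ASLR and DEP, by parsing its headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]        # offset of the PE signature
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                        # 20-byte COFF file header
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20                                            # optional header follows COFF
    if size_of_optional < 72 or len(image) < opt + 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):                            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at optional-header offset 70 in both PE32 and PE32+.
    dll_characteristics = struct.unpack_from("<H", image, opt + 70)[0]
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(dll_characteristics & DYNAMIC_BASE),
        "dep": bool(dll_characteristics & NX_COMPAT),
        "dll_characteristics": dll_characteristics,
    }

def build_sample(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (DOS stub + COFF + optional header only) for testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xF0 if pe32plus else 0xE0
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)  # Magic
    struct.pack_into("<H", opt, 70, dll_characteristics)         # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for flags in (0x0000, NX_COMPAT, DYNAMIC_BASE | NX_COMPAT):
        print(hex(flags), pe_mitigations(build_sample(flags)))
```

A module reporting `aslr: False` is loaded at its preferred base regardless of the system-wide setting, which is the kind of gap a memory-protection bypass looks for.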




  1. So. The only “benefit” of Vista now turns out to be DRM.

    Way to go, Baldy Ballmer. You really done good on this one.

    Is there ANYBODY who thinks that Vista is anything other than a software abortion?

  2. Matt says:

    Well, I can’t wait for Mojave to launch. It’s much better than Vista. hahaha

  3. ECA says:

    I’m sorry.
    90% of the problems I see with windows are in Architecture..

    LOAD THE OS, and SLAM THE DOOR SHUT. LOCK it up.
    Keep IE out, keep OTHER DRIVERS out, keep EVERYTHING OUT that ISN’T WINDOWS.

    Let the OTHER programs Load the drivers/inf/dll from THEIR OWN dir.. it can be done, and SHOULD be done, and would Aid in Backing up the programs AND WINDOWS, instead of hiding them in WINDOWS.
    I don’t know where they Learned programming but this IS BAD programming and only Adds a STUPID type of security.
    If a DLL/INF needs to be installed into windows, have it OUTSIDE of the windows DIR.. that’s loaded at startup.. That makes it easy to SEARCH for Viruses and CRAP.
    Also finding that Funny OLD DLL is easier if it’s NOT in the Win dir.

  4. Only thing I can add to ECA’s post is extension of the same philosophy to DRM. If a device deals with DRM content, let its driver take care of it. The OS should be DRM agnostic.
    But, I don’t think we’ll ever see any of that from MS…

  5. web says:

    Let me be the devil’s advocate. MS tried to lock down Vista even more and guess what happened?

    McAfee joins Symantec protesting Vista kernel lockout.
    http://www.itwire.com/content/view/5942/53/

    And they tried to pull this crap in Europe, wonder why?

  6. Les says:

    I can hear Johnny Carson say “Surprise!”

  7. otte-o says:

    If I’m reading this right they haven’t even shown what the vulnerability is yet. I will wait to judge the shortcomings of Microsoft’s security until they release the details. It sounds like they may be full of crap and are just trying to make a name for themselves. Since it uses Java and .Net and ActiveX I would guess that it is a problem with the way Java or a certain ActiveX component is using memory and not Vista.

  8. ECA says:

    otte,
    and a lot of the vulnerabilities of IE have been their implementation of JAVA, ActiveX and .net.
    AND the way they like to MOD the other Script languages..
    they WANT to open a back door for MS to use..mostly for FORCED advertising.. its part of their idea that they WANT access to every system sold.
    WHICH has been their MAJOR problem..THEY WANT ACCESS.. they want to be able to put adverts onto your system. It’s a SALES point..

  9. Balbas says:

    Always fascinating the myriad ways programmers figure things like this, then show how we can do it too.

  10. edwinrogers says:

    This is why they have Black Hat.

  11. montanaguy says:

    This is the expected ugly stepchild of a kludge, built upon a kludge, built atop DOS with millions of lines of undocumented code that nobody at MS apparently understands. I almost feel sorry for them. Just kidding… I just sit here wondering if a rootkit is really running under my hood. I’m not sure I can say it isn’t.

  12. dave says:

    The Web needs an epiphany: in this age of faster access there is no reason for any web-site to load executable code on your system or permanent files (cookies) to make the web-site work better or be sexier. Nobody should load executable code or files on your system from the web, period. That would eliminate most security problems, but nosy, arrogant corporations like the current semi-spy system just fine, and it will persist.

  13. peter_m says:

    I wonder if Vista 64bit will be any different? Will be watching this closely. Regardless of the outcome, my next laptop will be a MacBook so I can go back and forth between OS10, Vista and XP.

  14. deowll says:

    You can never be sure they haven’t gotten you no matter which system you run.

    I do have ubuntu running firefox on one system and it sounds sort of like this might be an IE problem in a way at least until somebody figures out how to share the pain.

    You may also be able to turn off a few things and be much safer online but the web might not be much fun any more.

    We also need to know if these guys have the big guns they claim or not.

  15. I keep reading and hearing about how Vista ‘isn’t that bad.’

    Maybe it is, maybe it isn’t.

    For me, it’s just easier to use something else.

    For my choice, it’s going to be something that does not require an activation code, calling a 1-800 number or something that does not let the junk through, while stopping me from installing the stuff I want to.

    The virus and malware we have always had to live with.

    Add to that, the gyrations for activation and installation, it no longer is very easy to install and operate.

    My choice becomes easy, and I choose easier options.

  16. gquaglia says:

    Just another reason why Windows has to be rebuilt anew from the ground up. Anything less will be more of the same. M$ can’t see that, though because they are too busy worrying about Google.

  17. Lou Minatti says:

    [Comment deleted – Violation of Posting Guidelines. – ed.]

  18. Ah_Yea says:

    Wow. Didn’t see that coming but it doesn’t surprise me.

    Using ActiveX (a known security problem) to create a hole in .NET then using that hole to access the system at admin level.

    What a mess.

  19. Special Ed says:

    Now where the hell is Pedro telling us how much Apple sucks?

  20. Somebody_Else says:

    This is a security problem with Java, ActiveX controls and .NET, not Windows Vista itself.

    The most secure OS will be compromised by poorly written software or an idiot user. It sounds to me like people are running out of reasons to hate Vista.

  21. GetSmart says:

    Everyone seems to have forgotten the Hardware Certification part of the DRM garbage. That’s where Micro$oft can cancel a particular piece of hardware’s ability to run under Vista by revoking that hardware’s certification. I’m just waiting for the day some 15 year old Finnish kid cancels the ticket on a whole buttload of Intel or nVidia’s chipsets worldwide just for fun. Can you say economic collapse? Sure. Sure you can, boys and girls.

  22. Mister Ketchup says:

    Vista was rendered useless long before the security breach.

  23. Deepa says:

    Well, what next ?

  24. ECA says:

    Great big gobs of greasy grimy gopher guts,
    Itty bitty birdys feet,
    Emulated monkey meat…

    Great big gobs of #@!$@#$@# flowing down the avenue…
    And you can eat it without a spoon..

  25. The Outlaw says:

    That’s why you should buy a Mac.

  26. Likes2LOL says:

    Microsoft has a new web site with videos showing that if people can be tricked into trying Vista they might not think it sucks so much:
    http://www.MojaveExperiment.com

    Geez, how embarrassing is it for a major corporation to have to stoop to deceiving people to even try its allegedly new and improved product 18 months after it came out? That sure spells “product launch flop” to me.

  27. Mr. Fusion says:

    #17, Lou,

    Amazing! Something on John C. Dvorak’s blog that doesn’t involve petty and stupid left-wing paranoia.

    Maybe, but this still happened on Bush’s watch.

  28. JimD says:

    After how many years of Winbloze, we should by now know that M$ and “Security” are MUTUALLY EXCLUSIVE !!! Except for DRM that DESTROYS YOUR “FAIR USE” RIGHTS !!!

  29. Somebody_Else says:

    #26
    There’s nothing wrong with the product, people actually liked Vista if they thought it was something else. What it shows is that Microsoft did a terrible job marketing. Judging from all the idiotic comments to this article they still have a lot of work to do.

    The headline to this article is deceptive. As I mentioned in my earlier comment, the security breach was in the software, not the operating system. Even the most secure OS will be compromised by bad software and idiot users.

    Vista now performs just as well (and better in a few games) than XP (keep in mind that XP was never faster than 2000), and I’ve found it to be very stable and secure. The 64-bit version gives me a nice boost since I can use 64-bit AutoCAD, and still runs all my old programs. I like Vista, and I think most people who use it do too.

    It seems to me that people are running out of reasons to hate Vista, and now that all the alleged DRM/performance/stability issues have been debunked more and more people will be using it.

  30. Thinker says:

    Yep, I’m waiting for the other shoe to drop with caveats galore. This is not a Vista killer. We aren’t even told what it is. Some really smart guys at Black Hat have figured a way around Vista, yet for some reason my machine with Vista SP1 still runs. Amazing!

    I’ll wait for the second half of the story before I move it from FUD to news.
