Vista security gutted by new web exploit
updated 12:05 pm EDT, Fri August 8, 2008
Vista Security Gutted
Many of the security measures Microsoft has implemented and touted for Windows Vista have been compromised through a single exploit, a presentation made at this week's Black Hat hacking conference claims. IBM Information Security Systems' Mark Dowd and VMware's Alexander Sotirov have found a method that uses scripting systems such as Java and elements of the .NET framework in Windows-based web browsers to arbitrarily run code on Vista systems. Internet Explorer is particularly vulnerable due to its use of ActiveX.
The malicious code not only negates the effectiveness of Vista's Address Space Layout Randomization and Data Execution Prevention technologies, which respectively randomize the location of some code in memory and prevent executing code from outside a certain memory space, but specifically abuses their behavior to ensure an attack gets through.
Microsoft is also unlikely to have any way of patching against the approach, since it can be reused whenever another vulnerability is found in a web browser. Such programs are also often the one Internet-based program that is often unblocked by security software and would thus thwart simple defense mechanisms such as blocking network ports or program permissions.
The technique is also characterized as generic enough that it can run in other environments and on other platforms, although it's uncertain whether this would permit a variant to attack a non-Windows OS or simply other programs within Windows.
Microsoft knows of the exploit's existence but hasn't been given a private briefing; the company is currently waiting on a public elaboration on the full details of how the exploit works.
The discovery of the security potentially undermines much of Microsoft's marketing effort for Vista, which has regularly centered around security. The company has suffered previous blows to its reputation through Windows XP exploits such as the Blaster worm, whose rapid spread in 2003 prompted public concern and a new effort on the part of Microsoft to emphasize security over convenience.
Security Experts
08/08, 01:15pm reply
Ok all those security experts need to chime in now since they love to make statements in the press that Vista is more secure then Mac OS X!
moofpup
Fresh-Faced Recruit
Joined: Dec 2007
If true
08/08, 01:28pm (2 replies) reply
If true this is a fundamental flaw that will likely span multiple operating systems and browsers.
Will be interesting to see the details when its actually published.
DeezNutts
Fresh-Faced Recruit
Joined: Apr 2008
hey
08/08, 01:48pm (1 reply) reply
Aren't these folks supposed to report the details to MS, and wait for them to issue a fix, before going public?
testudo
Fresh-Faced Recruit
Joined: Aug 2001
Re: Hey
08/08, 02:06pm reply
Testudo:
"Microsoft knows of the exploit's existence but hasn't been given a private briefing; the company is currently waiting on a public elaboration on the full details of how the exploit works."
wingdo
Senior User
Joined: Apr 2001
Re: hey
08/08, 03:49pm (1 reply) reply
Right, they 'know' of the exploit. But the whole "waiting on public elaboration' implies to me that they weren't informed of the exact nature of the exploit.
Man, too bad for MS that they couldn't NDA these guys like Apple did to that other presenter.
testudo
Fresh-Faced Recruit
Joined: Aug 2001
Don't laugh too soon
08/09, 09:54am reply
Due to internet use there will always be exploits. Apple is lucky but I remember a hacker challenge and an OSX box was hacked in record time. Not all exploits are used. Apple was late to fix a recent DNS exploit.
Also avoid going to p*** or free software sites. When will people learn that the Cloud is no different than any part of our so called real world. Some areas are simply not safe and the police if there are any will not arrive on time.
Simple defense is to only use the web as if you were walking in gang territory. Meaning you do not.
MS is a lot more open than Apple by the way on allowing such information.
henjin
Fresh-Faced Recruit
Joined: May 2007
hendumb
08/09, 07:00pm reply
what? Can you provide some kind of translation??
Doofuses.
robttwo
Fresh-Faced Recruit
Joined: Nov 2005
Vista's full of holes
08/09, 11:32pm reply
The OSX exploit is a straw dog if ever there was one. Produced on day two after lowering the security bar, a home brew exploit hacked a mac. Big woop.
To date, I've never seen a single exploit for a mac in the wild. I feel justifiably secure in using this platform.
Vista, on the other hand, is beginning to fray. It cannot help it due to the base code. Until Windows truly reworks their OS, is shouldn't be considered anywhere near safe or secure. 17,000 viruses pretty much peg what Vista is: a mess.
I've heard their Mojave is pretty good. Ha ha ha.
Monde
Fresh-Faced Recruit
Joined: Jan 2004
Mojave
08/11, 01:35am reply
Oh, man. Just when you thought it couldn't get any worse....
Neil Anderson
Fresh-Faced Recruit
Joined: Jul 2007
doug adams I miss you
08/11, 11:19pm reply
The discovery of the security potentially undermines much of Microsoft's marketing effort for Vista, which has regularly centered around security.
The Microsoft marketing department: a bunch of mindless jerks who'll be the first against the wall when the revolution comes.
climacs
Fresh-Faced Recruit
Joined: Sep 2001