08/08/2008, 12:05pm, EDT
Friday, August 8thVista security gutted by new web exploit
Many of the security measures Microsoft has implemented and touted for Windows Vista have been compromised through a single exploit, a presentation made at this week's Black Hat hacking conference claims. IBM Information Security Systems' Mark Dowd and VMware's Alexander Sotirov have found a method that uses scripting systems such as Java and elements of the .NET framework in Windows-based web browsers to arbitrarily run code on Vista systems. Internet Explorer is particularly vulnerable due to its use of ActiveX.
The malicious code not only negates the effectiveness of Vista's Address Space Layout Randomization and Data Execution Prevention technologies, which respectively randomize the location of some code in memory and prevent executing code from outside a certain memory space, but specifically abuses their behavior to ensure an attack gets through.
Microsoft is also unlikely to have any way of patching against the approach, since it can be reused whenever another vulnerability is found in a web browser. Such programs are also often the one Internet-based program that is often unblocked by security software and would thus thwart simple defense mechanisms such as blocking network ports or program permissions.
The technique is also characterized as generic enough that it can run in other environments and on other platforms, although it's uncertain whether this would permit a variant to attack a non-Windows OS or simply other programs within Windows.
Microsoft knows of the exploit's existence but hasn't been given a private briefing; the company is currently waiting on a public elaboration on the full details of how the exploit works.
The discovery of the security potentially undermines much of Microsoft's marketing effort for Vista, which has regularly centered around security. The company has suffered previous blows to its reputation through Windows XP exploits such as the Blaster worm, whose rapid spread in 2003 prompted public concern and a new effort on the part of Microsoft to emphasize security over convenience.
Filed under: industry, security, software
Other story tags: Microsoft, Vista
, 
, 11
, 
, 
, 
, 
, 
, 
Top
subscribe to comments
for this article
Security Experts
Ok all those security experts need to chime in now since they love to make statements in the press that Vista is more secure then Mac OS X!
If true
If true this is a fundamental flaw that will likely span multiple operating systems and browsers.
Will be interesting to see the details when its actually published.
hey
Aren't these folks supposed to report the details to MS, and wait for them to issue a fix, before going public?
Re: Hey
Testudo:
"Microsoft knows of the exploit's existence but hasn't been given a private briefing; the company is currently waiting on a public elaboration on the full details of how the exploit works."
Re: hey
Right, they 'know' of the exploit. But the whole "waiting on public elaboration' implies to me that they weren't informed of the exact nature of the exploit.
Man, too bad for MS that they couldn't NDA these guys like Apple did to that other presenter.
Don't laugh too soon
Due to internet use there will always be exploits. Apple is lucky but I remember a hacker challenge and an OSX box was hacked in record time. Not all exploits are used. Apple was late to fix a recent DNS exploit.
Also avoid going to porn or free software sites. When will people learn that the Cloud is no different than any part of our so called real world. Some areas are simply not safe and the police if there are any will not arrive on time.
Simple defense is to only use the web as if you were walking in gang territory. Meaning you do not.
MS is a lot more open than Apple by the way on allowing such information.
hendumb
what? Can you provide some kind of translation??
Doofuses.
Vista's full of holes
The OSX exploit is a straw dog if ever there was one. Produced on day two after lowering the security bar, a home brew exploit hacked a mac. Big woop.
To date, I've never seen a single exploit for a mac in the wild. I feel justifiably secure in using this platform.
Vista, on the other hand, is beginning to fray. It cannot help it due to the base code. Until Windows truly reworks their OS, is shouldn't be considered anywhere near safe or secure. 17,000 viruses pretty much peg what Vista is: a mess.
I've heard their Mojave is pretty good. Ha ha ha.
Mojave
Oh, man. Just when you thought it couldn't get any worse....
doug adams I miss you
The discovery of the security potentially undermines much of Microsoft's marketing effort for Vista, which has regularly centered around security.
The Microsoft marketing department: a bunch of mindless jerks who'll be the first against the wall when the revolution comes.