LAS VEGAS — Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine.


Found by ECA on Cage Match.

  1. Somebody_Else says:

    #5 and #39
    Did either of you bother to check the date on that story? It’s from October 2006.

    IIRC, Microsoft has since worked with the security companies to work out whatever issues they had. It’s a good thing in my opinion, most consumer level virus scanners do more harm than good. Microsoft wanted to have more control over how they were interacting with the OS.

  2. Thinker says:

    #40 You both are correct! Sys Admins won’t roll it out until the hardware is refreshed, and/or the servers they connect to move to 2008.

    Not that this is any surprise to us Admins. Just because Vista works, and can work well doesn’t mean it follows it will be pushed to the corp. desktops.

    It’s a non sequitur for us.

  3. Shenzhov says:

    Microsoft said they were going on the offensive with Vista.
    Looks like the shills are out in force.
    Won’t help though. You can’t treat the users like fools and expect them not to move to something else. This isn’t the ’90s and people are smarter and have more choices.

    Ever notice the mantra coming from Ballmer or Gates? Always about…what they and their business partners have in mind. Hardly ever about what’s good for the user.
    Apple is successful because they think of the end user first, then the business partners join because sales are going up.

    My last Windows system ever…you can bank on that.

  4. ECA says:

    I would like to SEE the systems used in that test…
    it WASN’T that $400 DELL was it..
    I bet it was TOPPED out and would cost MOST of us $3000…

  5. ECA says:

    and Linux is FREE and we expect problems…
    WINDOWS is supposed to be a FINISHED product, IT AIN’T supposed to have BIG GAPING HOLES IN IT..

  6. #35 – Else

    >>people are starting to use Vista and
    >>finding that it’s not bad at all.

    That’s a very generous appraisal. Most people find that it sucks total ass.

    And even if it’s “not bad at all” (koff, koff), this is what we waited 6 years for? Something that requires 2 – 4x the hardware horsepower of XP, and works sorta, somewhat, kinda, as well as XP does (if tweaked properly)???

    WTF? I don’t know a single person, user or not, who’s enthusiastic about Vista.

    A chrome-plated turd? More like a turd wrapped in aluminum foil.

  7. QB says:

    IT departments aren’t rolling out Vista because they have no need to. Users aren’t clamoring for it, it doesn’t have any compelling features, and most corporate apps still run better on XP (SAP, Siebel, etc).

  8. Thinker says:

    #43 ??? Looks like you belong to the ABM crowd.
    That’s ok. If you don’t want to use Windows, don’t worry, you don’t have to. Sounds like your objections are more ideological than technical.

    #44 Show me the specs of that $400 Dell. I’ll tell you how to run Vista on it.

    Keep in mind, Vista isn’t bad just because you don’t like it, or run it on older hardware.

  9. deowll says:

    Vista is a good solid stable OS. Ubuntu is a good solid stable OS. Apple has a good solid stable OS.

    Run what you want when you want it.

    Okay you can’t do that with Apple but the rest of us can and you can dual boot all three on the Mac.

    Just stop BSing about how bad Vista is. Way too many people have enough experience not to believe you.

  10. Me says:

    Wrong somebody else. Active X and .NET are Microsoft technologies and the underlying OS allows this penetration to happen. What a moron.

  11. Thinker says:

    My entire shop is Dell, from the laptops, to the desktops, to the servers.

    I am intimately acquainted with everything from the Vostros to Optiplex, to Precision and Power Edge systems.

    Like I said, if you under power something it just won’t perform like you’d like it to. That said, adding 512 to bring a $400 Dell box up to 1 GB of RAM doesn’t cost much. You can run Vista Home Basic or Premium on it. I wouldn’t do Aero unless you move up to a bigger system. But still my wife got a Vostro 1500 notebook for $600, and that’s with 2GB of RAM. She has a core2duo laptop that could easily take Vista Business (including Aero).

    Keep in mind that the Vostro is Dell’s budget line too!

    So hate it if you like, but Vista works very well. Sorry to bring you into reality and make you think.

  12. Somebody_Else says:

    #51 Me,
    I’d take you more seriously if you didn’t have to resort to calling me names, but hey, I disagree with you so I must just be a Vista shill. Logical arguments be damned.

    While versions of that software ship with the OS, they are not a part of the underlying technology. Also, as Thinker posted in post #33, the bugs found weren’t that big of a deal to begin with and should be easy to resolve, the methods are theoretical and very unlikely to be seen in the wild, and everyone seems to have overlooked the fact that 64-bit Vista is immune to these attacks.

    My point is that this was a software issue with .net and other applications, not a problem with the way Vista implements security. Any OS can be compromised by poorly written software.

    So far there have only been a handful of security issues with Vista, almost all of which have been caused by other software like Office. The only major bug I’ve seen that was a Vista issue was the cursors vulnerability they patched a year ago. Compared to XP, Vista is incredibly more secure.

  13. Paddy-O says:

    #41 “IIRC, Microsoft has since worked with the security companies to work out whatever issues they had.”

    Umm, no they haven’t. Kernel access is nowhere close to what it was in XP. Nice shill though.

  14. Nemesis says:

    It’s fascinating, and undoubtedly completely coincidental, that wherever net fora exist slamming Micros**t’s rubbish operating system, there always exist one or two very active ‘defenders’ who, completely independently, ‘rebut’ every factual contention that Vista is faecal matter. Personally, I’m not too worried about security issues at the mo, all I want is an OS that can copy files, without having the ‘Calculating Time Remaining’ hanging for 5 mins, then telling me that it’s going to take 3 days to do a few 500 MB files.

  15. Brandon says:

    There was a comment placed. It said that any well-built operating system could be compromised by poorly written software. A good operating system stops poorly written software from compromising the system.

    Programs should not be run as an administrator; however Windows does that. Windows was flawed from day one in its design. It was designed to be used in a single-user environment.

    Windows’ design now allows non-privileged users to get escalated privileges because the shared libraries were written with single-user environments in mind.