LAS VEGAS — Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine.


Found by ECA on Cage Match.

  1. Bob says:

    Actually, with the Mojave experiment (from what I’ve read), people were simply shown a video of the OS and weren’t able to really try anything with it. When shown a video of an OS versus actually using the OS, it’s pretty easy to sugar coat everything in the video.

  2. Agrees_With_Somebody_Else says:

    Thank you for posting that. I’m a Vista x64 user and am quite happy… I even have Ultimate on my laptop at home and home edition on my wife’s computer. VISTA IS FINE.

    I love how people glom on to the hate train when bugs or security flaws are found on Microsoft products… as if Ubuntu is flawless and Mac is some kind of polished jewel.

    As a developer, I use all of these O/S at one time or another. They’re all good in their own right.

    I agree that this is an overblown headline… unfortunately, it has teeth and it has entered the media echo chamber. I get the feeling Microsoft abandoned hope for Vista’ marketing when they put the Windows 7 buzz out there.

  3. Thinker says:

    Here’s the other shoe. 🙂

    Read it, and for the Vista Hate Monger Crew…weep.

  4. Improbus says:

    Wow, two Microsoft shills to do damage control on this little web site. I feel honored by the attention. I hope they pay you guys overtime.

  5. Somebody_Else says:

    I sure wish Microsoft would pay me for doing what they should be doing.

    I’m a college student (computer engineering major) with a low-paying internship (not at Microsoft :)).

    Check out some of the larger computer forums (I mostly read HardOCP’s forums at The general consensus seems to be that Vista is actually a really good OS. You can see the same thing if you listen to TWIT or other shows, people are starting to use Vista and finding that it’s not bad at all.

  6. Improbus says:


    I want some of what you are smoking and I would like to wash it down with some vista kool-aid.

  7. Shenzhov says:

    “There’s nothing wrong with the product, people actually liked Vista if they though it was something else. What it shows is that Microsoft did a terrible job marketing.”

    Wait, so what you are saying is that all the early reviews of Vista, showing all the problems with this OS, were just a marketing problem?
    One of the first main stream reviews of Vista I read described it as “a chrome plated turd”
    I love that.

    So when my Vista 64 system just decides to reboot, on a clean install for no reason, or my video card crashes and tells me windows has encounterd an error and is shutting down to keep from causing damage…what kind of error is that by the way….all of this is just a marketing problem. Ubuntu on the same computer does none of this by the way.

    Translation. Vista is buggy and bloated and the users…you remember them right? The users are reporting lots of Vista issues and the problem is that us…Microsoft…have not done our marketing properly as in the past….all computer problems are the users fault. Buy an upgrade and our next OS.

  8. Somebody_Else says:

    I don’t really know what to tell you. I’ve built dozens of systems with Vista. I’ve run it on everything from my roommate’s 1.6 GHz Pentium M notebook with 1 GB of RAM to my quad core gaming machine with 4 GB of RAM. I’ve had no issues.

    It did take a couple of hardware companies a couple months to get decent drivers out (Nvidia and Creative come to mind), but otherwise it was smooth sailing right from the start. Even my LSI Logic U320 SCSI controller had a 64-bit Vista driver.

    Vista wasn’t perfect at launch, sure. It wasn’t a “chrome plated turd” either.

    Your own experiences don’t sound like what people have generally been experiencing. If I may ask, what hardware are you using? Do other OS’s boot fine on that system? Have you run memtest or any other test on it?

  9. Paddy-O says:

    #5 “McAfee joins Symantec protesting Vista kernel lockout.”

    Do you know WHY the protest? It is because if security software can’t LEGALLY access the kernel it won’t be able to protect against malicious kernel level s/w like root kits.

    The security companies knew that Vista wouldn’t prevent crims from accessing the kernel but the legal restrictions WOULD stop MS from certifying legit Security products.

  10. Paddy-O says:

    #35 “The general consensus seems to be that Vista is actually a really good OS.”

    Actually, the general consensus amongst Sys Admins is that they aren’t rolling it out to the corp desk top.

  11. Somebody_Else says:

    #5 and #39
    Did either of you bother to check the date on that story? It’s from October 2006.

    IIRC, Microsoft has since worked with the security companies to work out whatever issues they had. It’s a good thing in my opinion, most consumer level virus scanners do more harm than good. Microsoft wanted to have more control over how they were interacting with the OS.

  12. Thinker says:

    #40 You both are correct! Sys Admins woun’t roll it out until the hardware is refreshed, and/or the servers they connect to move to 2008.

    Not that this is any surprise to us Admins. Just because Vista works, and can work well doesn’t mean it follows it will be pushed to the corp. desktops.

    Its a non-sequitor for us.

  13. Shenzhov says:

    Microsoft said they were going on the offensive with Vista.
    Looks like the shills are out in force.
    Won’t help though. You can’t treat the users like fools and expect them not to move to something else. This isn’t the 90’s are people are smarter and have more choices.

    Ever notice the mantra coming from Balmer or Gates? Always about…what they and their business partners have in mind. Hardly ever about what’s good for the user.
    Apple is successful because they think of the end user first, then the business partners join because sales are going up.

    My last Windows system ever…you can bank on that.

  14. ECA says:

    I would like to SEE the systems used in that test…
    it WASNT that $400 DELL was it..
    I bet it was TOPPED out and would cost MOSt of uss $3000…

  15. ECA says:

    and Linux is FREE and we expect problems…
    WINDOWS is supposed to be a FINISH product, IT AINT supposed to have BIG GAPPING HOLES IN IT..

  16. #35 – Else

    >>people are starting to use Vista and
    >>finding that it’s not bad at all.

    That’s a very generous appraisal. Most people find that it sucks total ass.

    And even if it’s “not bad at all” (koff, koff), this is what we waited 6 years for? Something that requires 2 – 4x the hardware horsepower of XP, and works sorta, somewhat, kinda, as well as XP does (if tweaked properly)???

    WTF? I don’t know a single person, user or not, who’s enthusiastic about Vista.

    A chrome-plated turd? More like a turd wrapped in aluminum foil.

  17. QB says:

    IT departments aren’t rolling out Vista because they have no need to. Users aren’t clamoring for it, it doesn’t have any compelling features, and most corporate apps still run better on XP (SAP, Siebel, etc).

  18. Thinker says:

    #43 ??? Looks like you belong to ABM crowd.
    Thats ok. If you don’t want to use windows, don’t worry, you don’t have too. Sounds like your objections are more idological than technical.

    #44 Show me the specs of that $400 Dell. I’ll tell you how to run Vista on it.

    Keep in mind, Vista isn’t bad just because you don’t like it, or run it on older hardware.

  19. deowll says:

    Vista is a good solid stable OS. Ubuntu is a good solid stable OS. Apple has a good solid stable OS.

    Run what you want when you want it.

    Okay you can’t do that with Apple but the rest of us can and you can duel boot all three on the Mac.

    Just stop BSing about how bad Vista is. Way to many people have enough experience not to believe you.

  20. Me says:

    Wrong somebody else. Active X and .NET are Microsoft technologies and the underlying OS allows this penetration to happen. What a moron.

  21. Thinker says:

    My entire shop is Dell, from the laptops, to the desktops, to the servers.

    I am intimately acquanted with everything from the Vostro’s to Optiplex, to Precision and Power Edge systems.

    Like I said, if you under power something it just won’t perform like you’d like it too. That said, adding 512 to bring a $400 Dell box up to 1 GB of Ram doesn’t cost much. You can run Vista Home basic or premium on it. I wouldn’t do aero unless you move up to a bigger system. But still My wife got a Vostro 1500 notebook for $600, and thats with 2GB of RAM. She has a core2duo laptop that could easily take Vista Business (including Aero).

    Keep in mind that the vostro is Dells Budget line too!

    So hate it if you like, but Vista works very well. Sorry to bring you into reality and make you think.

  22. Somebody_Else says:

    #51 Me,
    I’d take you more seriously if you didn’t have to resort to calling me names, but hey, I disagree with you so I must just be a Vista shill. Logical arguments be damned.

    While versions of that software ship with the OS, they are not a part of the underlying technology. Also, as Thinker posted in post #33, the bugs found weren’t that big of a deal to begin with and should be easy to resolve, the methods are theoretical and very unlikely to be seen in the wild, and every seems to have overlooked the fact that 64-bit Vista is immune to these attacks.

    My point is that this was a software issue with .net and other applications, not a problem with the way Vista implements security. Any OS can be compromised by poorly written software.

    So far there have only been a handful of security issues with Vista, almost all of which have been caused by other software like Office. The only major bug I’ve seen that was a Vista issue was the cursors vulnerability they patched a year ago. Compared to XP, Vista is incredibly more secure.

  23. Paddy-O says:

    #41 “IIRC, Microsoft has since worked with the security companies to work out whatever issues they had.”

    Umm, no they haven’t. Kernel access is nowhere close to what it was in XP. Nice shill though.

  24. Nemesis says:

    Its fascinating, and undoubtedly completely coincidental, that wherever net fora exist slamming Micros**t’s rubbish operating system, there always exist one or two very active ‘defenders’ who completely independently, ‘rebut’ every factual contention that vista is faecal matter. Personally, I’m not too worried about security issues at the mo, all I want is an OS that can copy files, without having the ‘Calculating Time Remaining’ hanging for 5 mins, then telling me that its going to take 3 days to do a few 500 mb files.

  25. Brandon says:

    There was a comment placed. It said that any good built operating system could be comprimised by poorly written software. A good operating system stops poorly written software from comprimising the system.

    Programs should not be ran as an adminstrator; however windows does that. Windows was flawed from day one in it’s design. It was designed to be used in a single user enviroment.

    Windows design now allows non privillaged users to get esculated privillages because the shared librires were written with single user enviroments in mind.


Bad Behavior has blocked 5312 access attempts in the last 7 days.