“This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees,” Jason Kelley reports for Newwin.net.
“Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System,” Kelley reports.
MacDailyNews Take: Microsoft Windows is insecure? Who would’ve guessed?
Kelley continues, “While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, ‘the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.'”
Kelly reports, “‘This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista,’ said Dai Zovi to SearchSecurity.com. ‘If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force.'”
Full article here.
[Thanks to MacDailyNews Reader “Wingsy” for the heads up.]
Boom! Yet another reason, as if you needed one, to Get a Mac.
Sounds heavy doc….
Well, given the difference in OS architectures, say, between Windows and OS X, I highly doubt something that brings down Vista will have the same effect on a Mac.
At best, exploits on the Mac are very localized (affecting only Safari/QuickTime etc), since accessing the root is essentially not an option, and the fact that registry modifications need user input beforehand.
The Mac can only be fubared by the user themselves, at the end of the day.
I was concerned about the statement at the end of the article…
“These techniques are being seen as an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks. Expect to be hearing more about this in the near future and possibly being faced with the prospect of your “secure” server being stripped completely naked of all its protection.”
Are we sure we are immune from this?
Thanks Andy, It’s like you read my post before I posted it!
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
pc people call us fanboys.
just watch as they circle the wagons and say this is no big deal.
if any one lives is a reality distortion field, its pc defenders.
Oh, but I did hear that Mojave fixes this vulnerability!
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
LOL. I just sent this article to MDN a few minutes ago.
What’s troubling is that it can bypass DEP, which any Intel-based system uses, therefore any platform could potentially be at risk.
Then again, there’s not much detail on what was required to make the exploit happen.
If they knew in the early 1990s what we know now about what Windows has become, would business still have chosen Windows?
Some companies don’t allow iPods, memory sticks, floppy drives; they lock the airwaves with encrypted wireless, restrict access through VPN, change passwords monthly, run 5 apps for virus, firewall, spam filtering, anti-phishing, etc yet still allow Windows. I just don’t get it…
@Wings2sky
I’m sure Apple are more than aware of any threats as you mention. However, the most important word in the article piece you highlighted is ‘possibly’.
Fear is a very powerful tool.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
And remember, UNIX has a much better security advantage over Windows ever will.
I think the key phrase is that Microsoft trusts the download cause it is from .net.
“‘If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks.”
Another rush effort by Microsoft that always assumes that Microsoft will never error so they can trust themselves.
Just a thought.
en
This will be a non issue. Hackers, Virus writers and Botnet attackers aren’t looking for a total end-around to exploit. Oh sure that might have been fine in the 90s but this era is different.
These days malware writers are looking for more subtle and refined exploits. They want something that offers a delicate balance of subtlety and intrigue. So while this exploit could “theoretically” earn hackers millions of dollars in credit card numbers, email spam lists, and identity theft I am confident they will ignore this for a more cerebral exploit that is worth their while.
Disruption of services will definitely impact even the most casual of observers but imagine for a minute if the corporate world had embraced Vista with the same zealousness with which Ballmer has been extolling its virtues and we have a melt down of the economy by several orders of magnitude.
Felonious Bill made a quick and timely exit.
“therefore any platform could potentially be at risk”
In other news, anyone can say anything without proof, examples or any detail whatsoever to sound important.
@HMCIV
I figure that bringing an entire system down would make a hacker’s life much more difficult, since it’s a surefire way to piss people off (and get the gov after you, if you attack federal servers).
As you say, it’s more likely hackers will be more subtle (and much more malicious) by extracting info from a comp piecemeal, being hidden in network traffic and all that.
And thankfully, Apple have already thought of that.
Oh SNAP.
Eh, I hate to break this to everyone, UNIX is the most open faced OS ever, its also been around for ever, so its both a blessing and a curse.
Everybody knows the vulnerabilities, and possible fixes, everybody.
Super-scary article completely devoid of hard facts and evidence. Nothing to see here at least until the sky starts falling.
Oh and Kudos to the French Reporters who thought it would be a good idea to hack the Network at the Black Hat Awards.
<a href=”http://ap.google.com/article/ALeqM5i_kwz9PQAu5EHgJfbaCx-a5i6jmgD92E4IMGA”>
I’ll do a Google search for your names and passport numbers in a couple days to see how many hits we get.
” width=”19″ height=”19″ alt=”cool smirk” style=”border:0;” />
“If they knew in the early 1990s what we know now about what Windows has become, would business still have chosen Windows?”
This is a phrase similar to what we hear these days about WMD in Iraq (If they new they were lied to, would they have voted for the war?). And the answer is probably just as clear and unambiguous…
be interesting to see how this shakes out…..
i won’t be shocked if it turns out vista in beyond repair, but i won’t be shocked to find out this is just grand standing by the researchers either.
“may you live in interesting times.”
@Joe
And that’s why Apple took the bsd linux derivative Darwin. Apple applied its own stamp to this form of UNIX and made it as secure and rock solid as they could.
OS X isn’t exactly open-source, and hasn’t been for a while now.
“If they new they were lied to, would they have voted for the war?”
A retarded, coke head good ol’ boy with the lowest approval rating in U.S. history who gets his instructions from God would never lie.
“I’m honored to shake the hand of a brave Iraqi citizen who had his hand cut off by Saddam Hussein.”
– Dumbya
Well, now. IBM Internet Security Systems and VMware found this little problem in Vista — that’s right, the OS where MS chose to annoy users with security dialogs because it was the users’ behaviour that needed changing. Uh huh. Those darn users just need to stay out of the internet’s tubes…
Hasta la vista, Vista!
A retarded, coke head good ol’ boy with the lowest approval rating in U.S. history who gets his instructions from God would never lie.
lowest approval ratings? You mean congress? They are in single digits.
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />