Vista's Security Rendered Completely Useless by New Exploit

jaguarr

http://www.neowin.net/news/main/08/...ty-rendered-completely-useless-by-new-exploit

Vista's Security Rendered Completely Useless by New Exploit
Posted by Jason Kelley 16 hours ago · 61 comments & 42781 views



This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user's machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."

According to Microsoft, many of the defenses added to Windows Vista (and Windows Server 2008) were added to stop all host-based attacks. For example, ASLR is meant to stop attackers from predicting key memory addresses by randomly moving a process' stack, heap and libraries. While this technique is very useful against memory corruption attacks, it would be rendered useless against Dowd and Sotirov's new method. "This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," said Dai Zovi to SearchSecurity.com. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."

While Microsoft hasn't officially responded to the findings, Mike Reavey, group manager of the Microsoft Security Response Center, said the company has been aware of the research and is very interested to see it once it has been made public. It currently isn't known whether these exploits can be used against older Microsoft Operating Systems, such as Windows XP and Windows Server 2003, but since these techniques do not rely on any one specific vulnerability, Zovi believes that we may suddenly see many similar techniques applied to other platforms or environments. "This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon."

These techniques are being seen as an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks. Expect to be hearing more about this in the near future and possibly being faced with the prospect of your "secure" server being stripped completely naked of all its protection.

More proof that Vista is absolute junk.

jag
 
More proof that Vista is absolute junk.

jag

QFT. I think my girlfriend now knows why I was informing her not to get a Vista installed laptop. It's my first time using it, and I'd rather stick needles in my eyes than get this for myself.
 
This really shifts the paradigm on Windows security vulnerabilities. The fact that this sort of approach can basically completely render the entire OS irreparably vulnerable should scare the living crap out of any Vista user. Go Mac. Go Linux. Go UNIX. Hell, go Commodore 64. But get the hell away from Microsoft's operating systems. ESPECIALLY if you are running them in the enterprise. The moment someone uses this vulnerability to take over a credit bureau's systems or the IT infrastructure of a major credit card company is the moment maybe people will start waking up. Unfortunately, it will take a huge financial impact, felt by a lot of people, to really get all of these critical systems off of Windows OS's.

jag
 
Dude at work is convincing me to try out Ubuntu Linux on my notebook. I already downloaded it onto a CD, will try it out tonight. I should be able to use an emulator to get microsoft apps to work on it, right?
 
Dude at work is convincing me to try out Ubuntu Linux on my notebook. I already downloaded it onto a CD, will try it out tonight. I should be able to use an emulator to get microsoft apps to work on it, right?

Should be able to. WINE can be hit or miss with a lot of stuff, but most of the Microsoft apps work or can be rigged to work under it. Or just run Open Office. It's as good if not better than MS Office. There is a ton of open source and freeware apps for Linux, Mac and UNIX that are absolutely excellent and really make using Microsoft apps unnecessary.

jag
 
Eh, I'm not really against Vista as a lot of people are. Granted, I mostly use my Mac nowadays, but I still "need" a PC for gaming and such. Emulators are ok, but I've tried my hand on them and I find the real thing to be much more effective and less time-consuming.
 
Ah, crap...pretty much all the schools in my district are using Vista's. Until they fix this, Microsoft should give a refund for everyone who owns a Vista. They suck to begin with, and now they're sitting ducks (that still suck). :down
 
Eh, I'm not really against Vista as a lot of people are. Granted, I mostly use my Mac nowadays, but I still "need" a PC for gaming and such. Emulators are ok, but I've tried my hand on them and I find the real thing to be much more effective and less time-consuming.

If you have an Intel-based Mac have you tried dual-booting it with Windows? Would eliminate the need for two machines, unless you're one of those uber-gamers who has to have a $15,000 PC to play games on. At least run XP. The article above alone should scare anyone away from running Vista.

jag
 
Bill Gates is an ******* :)

Word, son! Don't forget Ballmer, though. He's large (literally) and in charge at M$ now and you can pretty much thank him for Vista.

jag
 
If you have an Intel-based Mac have you tried dual-booting it with Windows?
I thought about it, but I'd need to partition part of my hard drive specifically for Windows, right? I only use a PC for gaming, and there's not much you can do there when your Macbook is 12 inches, low on hd space, and has a 2 year old graphics card. Not really worth it for my current model.

Would eliminate the need for two machines, unless you're one of those uber-gamers who has to have a $15,000 PC to play games on.
Well, more like 5,000 tops. :cwink:

I was planning on getting a new desktop anyway, as my Mac is just a laptop. I guess getting a really big hard drive with a Mac Pro would let me use Windows and Mac, but again, I only use Windows for gaming. Not sure how the graphic card thing works out there, especially with a Mac system. I take comfort with just inserting a game disc and going straight through gameplay without having the hassle of setting things up because of variables.

At least run XP. The article above alone should scare anyone away from running Vista.
One thing I'm confused about, how does the "code" make its way to the system? Is it by visiting certain websites or does it just randomly come outta nowhere? I use FF3 and browse only 6 or so sites, all very popular and "safe". There a likely chance I'm in danger if I browse with Vista?
 
I thought about it, but I'd need to partition part of my hard drive specifically for Windows, right? I only use a PC for gaming, and there's not much you can do there when your Macbook is 12 inches, low on hd space, and has a 2 year old graphics card. Not really worth it for my current model.

Admittedly, gaming on a 12 inch screen would leave a lot to be desired. :o But, yes, you'd need a separate partition for the Windows install. This can be done without losing any of your Mac data or install, though. Pretty straightforward, actually.

Well, more like 5,000 tops. :cwink:

Pffft! You're an amateur gamer at best, then. :oldrazz:

I was planning on getting a new desktop anyway, as my Mac is just a laptop. I guess getting a really big hard drive with a Mac Pro would let me use Windows and Mac, but again, I only use Windows for gaming. Not sure how the graphic card thing works out there, especially with a Mac system.

A Mac Pro would definitely work well for the dual-boot purpose. The graphics cards are more than adequate in them.

One thing I'm confused about, how does the "code" make its way to the system? Is it by visiting certain websites or does it just randomly come outta nowhere? I use FF3 and browse only 6 or so sites, all very popular and "safe". There a likely chance I'm in danger if I browse with Vista?

Just being on the 'net, most systems broadcast their presence in one form or another (particularly Windows boxes, which are very noisy in their network protocol stacks). So, even limiting what websites you visit might not be enough to keep you from attracting the attention of some hacker, though it does help. But knowing that there's this unfixable security hole in Vista should be enough to make people not want to have it on their system. The real concern, as I alluded to above, is all the enterprise systems that hold things like people's credit records or credit card information; those are the real target and the real vulnerability. The fact that Microsoft most likely won't be able to fix these holes is alarming as hell.

jag
 
A Mac Pro would definitely work well for the dual-boot purpose. The graphics cards are more than adequate in them.
Oh ok, so if I dual-boot on the Mac I wouldn't have any sort of problems playing games due to it being a Mac system and gfx card? Are they comparable to the high-end Windows versions though? Whenever I do get my desktop, I'm gonna be spending as much as I can on it as I'm not a particular fan of upgrading parts on a monthly/yearly basis. I take solace that my first purchase will be able to last me a good 3 or 4 years. So it's really important for me that the graphics card I buy to be top-of-the-line.

Just being on the 'net, most systems broadcast their presence in one form or another (particularly Windows boxes, which are very noisy in their network protocol stacks). So, even limiting what websites you visit might not be enough to keep you from attracting the attention of some hacker, though it does help. But knowing that there's this unfixable security hole in Vista should be enough to make people not want to have it on their system. The real concern, as I alluded to above, is all the enterprise systems that hold things like people's credit records or credit card information; those are the real target and the real vulnerability. The fact that Microsoft most likely won't be able to fix these holes is alarming as hell.
Ah, thanks for the clarification. I rarely use Vista anyway, but on the slim chance my comp does get targeted, they're not really gonna find anything other than video game files and some high-quality porn. :o

All my important data and documents are on the Mac. :up:
 
Oh ok, so if I dual-boot on the Mac I wouldn't have any sort of problems playing games due to it being a Mac system and gfx card? Are they comparable to the high-end Windows versions though? Whenever I do get my desktop, I'm gonna be spending as much as I can on it as I'm not a particular fan of upgrading parts on a monthly/yearly basis. I take solace that my first purchase will be able to last me a good 3 or 4 years. So it's really important for me that the graphics card I buy to be top-of-the-line.

Do you have an Apple store nearby? Go talk to the guys at the Genius Bar about your gaming needs and how you could use a Mac Pro to meet them. It's very, very doable.

Ah, thanks for the clarification. I rarely use Vista anyway, but on the slim chance my comp does get targeted, they're not really gonna find anything other than video game files and some high-quality porn. :o

All my important data and documents are on the Mac. :up:

:up:

jag
 
I never got why people would pay all that money for a gaming pc workhorse when a 360 or PS3 produces the same quality as far as the eye and ear candy.
 
I never got why people would pay all that money for a gaming pc workhorse when a 360 or PS3 produces the same quality as far as the eye and ear candy.
er............'cause there are a million awesome games that you can't play on a 360 or PS3?

And did you ever try to create a Half Life mod on a PS3?
If all of your friends are playing Sword of the New World or Asheron's Call...you can buy all of the consoles you want, you still can't play along with them. :huh:
 
QFT. I think my girlfriend now knows why I was informing her not to get a Vista installed laptop. It's my first time using it, and I'd rather stick needles in my eyes than get this for myself.

I didn't want Vista on my laptop, but it didn't give me the choice. :csad:

I miss XP.
 
I never got why people would pay all that money for a gaming pc workhorse when a 360 or PS3 produces the same quality as far as the eye and ear candy.

Because the Best PC can kick the 360/ps3's butts on graphics.
 
I didn't want Vista on my laptop, but it didn't give me the choice. :csad:

I miss XP.

Same here and installing XP on a computer that had Vista is a pain in the butt.

I'll take my XP machines over Vista any day and I'm not a fan of MAC's, and/or Linux even though I am typing this from my Linux box at work.
 
Yeah, it really sucks that laptops are pre-loaded with Vista now, hence my decision to go Mac on everyone's asses.
 
You know, I knew there was a reason I didn't want to upgrade besides laziness. :funny: What a piece of junk.
 
