Another gaping hole presented by Microsoft

By Dean Pullen: Friday, 08 August 2008, 3:24 PM

AT THIS WEEK'S Black Hat security conference, two security researchers will discuss their findings which could completely open Windows Vista to hackers.

Mark Dowd of IBM Internet Security Systems and Alexander Sotirov of VMware Inc. have together discovered a hack that can be used to bypass all of the memory protection safeguards that Microsoft programmed into the much-maligned Windows Vista.

The methods employed have enabled the researchers to bypass Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by simply loading malware through a standard web browser.

Dowd and Sotirov were able to load any content they desired onto a user's machine using a variety of browser-hosted technologies, including ActiveX, Java and .NET objects.

At first glance these seem like the usual exploitation of basic security flaws; however, other researchers have confirmed that this exploit is a major breakthrough, and there is very little that Microsoft can do to fix the problems.

Apparently, these attacks work differently from the majority of other hacks, as they take full advantage of the way Microsoft chose to secure Vista's fundamental architecture.

Other researchers have since commented that they believe we may see similar techniques applied to other operating systems, including previous versions of Windows.

Microsoft has yet to respond officially to the findings. Mike Reavey, group manager of the Microsoft Security Response Center, said the company is aware of the research and is interested to see the results once they have been made public.

More over at Neowin.net. µ