Marik, posted August 9, 2008:

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of objects, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over."

According to Microsoft, many of the defenses added to Windows Vista (and Windows Server 2008) were added to stop all host-based attacks. For example, ASLR is meant to stop attackers from predicting key memory addresses by randomly moving a process’ stack, heap and libraries. While this technique is very useful against memory corruption attacks, it would be rendered useless against Dowd and Sotirov’s new method.

"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," said Dai Zovi to SearchSecurity.com. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."

While Microsoft hasn’t officially responded to the findings, Mike Reavey, group manager of the Microsoft Security Response Center, said the company has been aware of the research and is very interested to see it once it has been made public. It currently isn’t known whether these exploits can be used against older Microsoft Operating Systems, such as Windows XP and Windows Server 2003, but since these techniques do not rely on any one specific vulnerability, Zovi believes that we may suddenly see many similar techniques applied to other platforms or environments.

"This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon."

These techniques are being seen as an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks. Expect to be hearing more about this in the near future and possibly being faced with the prospect of your "secure" server being stripped completely naked of all its protection.

Source: DotNetWizzard

shought, posted August 9, 2008:

Urhmmmmmm, that sucks... For MS :P But for us too, because this looks like XP might be at risk too, or am I totally wrong here?

Marik (Author), posted August 9, 2008:

just stop using win upd then, like i do...i haven't used win upd for more than 5 months

manpe, posted August 9, 2008:

I didn't understand a single explanation in that text :P Too high-tech ... But what I realized is that Vista is under threat, that's kinda bad. I hope that their breakthrough helps Microsoft strengthen its security systems.

shought, posted August 9, 2008:

> just stop using win upd then, like i do...i haven't used win upd for more than 5 months

Huh? I don't think you understand or you know more than I do, but as far as I'm concerned this exploit isn't a 'new security breach', it's just a new way of sneaking past DEP and stuff like that.

> (...), as they aren’t based on any new Windows vulnerabilities, (...)

rKAnjEL, posted August 9, 2008:

bad news? I think you meant "old news". Everybody knows Vista is pretty much a piece of junk.

vin3e, posted August 9, 2008:

Vista isn't bad. The user who lets himself get into such a situation would be at fault.

I used to follow the "Vista Hate" group, although still not as well designed as XP in terms of simplicity, I very much like everything else.

rKAnjEL, posted August 9, 2008:

People hate Vista mainly because it's a resource hog! not to mention XP delivers better performance.

Bizarre™, posted August 9, 2008:

> People hate Vista mainly because it's a resource hog! not to mention XP delivers better performance.

Agreed. :P

alaindc, posted August 9, 2008:

> People hate Vista mainly because it's a resource hog! not to mention XP delivers better performance.

Agreed. My system (not so old, and with 2 gigs of RAM) is much more responsive with XP.

I hate Vista's long time to "calculate the time remaining" to burn or copy, and copy/pasting things is a pain, and takes much more time than with XP (even with Vista SP1).

I now use Desktop Sidebar, free, to have one of the things I miss about Vista.

xxbjdxx, posted August 9, 2008:

> bad news? I think you meant "old news". Everybody knows Vista is pretty much a piece of junk.

and how do you know it's a piece of junk?? do you have vista?? or had it?? or did you just "hear" about it, go down to your local best buy, do a couple clicks around, and not see your precious "start" text, then decided it's a piece of junk??? LMFAO

rKAnjEL, posted August 10, 2008:

> > bad news? I think you meant "old news". Everybody knows Vista is pretty much a piece of junk.
>
> and how do you know its a piece of junk?? do you have vista?? or had it?? or did you just "hear" about it, go down to your local best buy, do a couple clicks around, and not see your precious "start" text, then decided its a piece of junk??? LMFAO

First of all, I do NOT appreciate the sarcasm!

I've been using PCs since the 386 and the DOS (as in the OS, not that kiddies prompt you see now), so I do know a thing or two.

Of course I've used Vista, different flavors and on different machines, and yes, it IS a piece of junk!

- it's not as secure as they claim
- the OS itself is a freakin resource hog
- it delivers horrible performance (especially with apps that require a lot of power)
- its compatibility still sucks

I haven't read a single half-decent review that actually praises Vista, most (if not all) attack it and consider it a failure.

Now, I suggest you watch what you're saying and keep your sarcasm to yourself!

Edit: Some interesting links regarding the subject at hand

- From Microsoft comes VISTA---the most torturous computing experience ever devised.

> The results show that Vista's memory architecture is significantly slower than XP. Microsoft released a product that will make many .Net applications run slower. At this point, we do not recommend running client-based .Net applications on Vista that require large data processing. And unless it's imperative that users have an operating system with a more exciting look and feel, XP will offer better performance than Vista.

Source: http://www.crn.com/software/198702242

- There's No Doubt: Vista Sucks
- Should Microsoft Throw Away Vista?
- Why Vista Sucks

Lite (Administrator), posted August 10, 2008:

There is a lot of evidence based on opinion being presented in this thread - everyone is entitled to their own.

Vista might be suitable for one person and not for another. The same applies to Linux, MacOS etc.

Let's not get into pointless arguments about something like this :unsure:

This topic is now archived and is closed to further replies.