12 Users Commented In This Post

GRTerrero says:

Crap!

But I have NoScript on Firefox installed. Still use IE to test blogs and websites.

Still…CRAP!

(That’s a technical term.)

darkkosmos says:

No fear, having a real antivirus saves you from all those troubles. It’s going to be fixed soon though, much like the last Linux root exploit.

Dante says:

Sorry to disappoint, darkkosmos. I went and checked out the reports from the BlackHat conference. It appears to use .net dlls and scripting (any type of scripting). This will bypass any antivirus out there. Antivirus programs are not designed for this.

Dante says:

And I’m pretty sure he’s using a Null Pointer hack to load the dlls.

darkkosmos says:

Dante, how does memory corruption stop an antivirus? My antivirus terminates any application/loaded dll that behaves strangely and purges it into the “bucket”, so even if it gets in it won’t work. And this all depends on .Net, which I don’t have, and I think my antivirus scans memory too.

Dante says:

@ darkkosmos. Your anti-virus doesn’t stop behaviors. It stops programs with codes that match existing virus codes (signatures). Or it does a heuristic scan to see if it looks even remotely like a virus code. But your anti-virus does not know what is or is not proper program behavior.

This is why firewalls are recommended as a companion to anti-virus programs. They show any weird activities that your PC might have. Like suddenly dialing out to Russia.

And using a null pointer hack, a hacker can load legit functioning dlls in memory. Then use them to write programs to the hard drive and registry. All perfectly normal to an anti-virus program. At least, this is what I’m thinking this exploit is.

Of course, I’m not a hacker :)

Dante says:

Oh, sorry. Forgot something. You might be referring to anti-viruses blocking changes to the registry. But that’s only because the OS allows it to block the changes to the registry. .Net dlls will override that - for your own convenience, of course.

darkkosmos says:

No, I mean it, sometimes my antivirus stops Firefox (annoying). And explain to me how a legit-looking dll can cause havoc on my system?

Dante says:

To “darkkosmos”: that’s because the dll in question carries code that matches a virus signature. Or it is set to change your registry and it’s just warning you that the registry will change.

darkkosmos says:

So what stops this “legit”-looking dll from being marked as a virus? (+ I don’t even have .Net, this is an “if”)

Chris says:

If it uses ActiveX controls, everyone knows already those are the most popular form of virus on the net to screw your computer. I don’t dl them unless I need to go to a site for work.

Dante says:

A null pointer hack does not need ActiveX to succeed. And darkkosmos, if you have Vista, you have .Net :)
