Is it Game Over for Windows Vista’s Security?

August 8, 2008  |  , , , , ,
`

vista

Reading through my RSS feeds today, I stumbled upon an interesting post over at Neowin entitled “Vista’s Security Rendered Completely Useless by New Exploit” which reports on a new technique that can “bypass all memory protection safeguards that Microsoft built into Windows Vista.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection schemes that have been built into Windows Vista by Microsoft.  These new methods are basically used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through a web browser.

In a nutshell, this hack is something that many of us weren’t expecting.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher told, "the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over."

Microsoft has yet to post a statement officially, but they are apparently aware of the security issue and are waiting for the exploit to be made public. We can only wait and watch as to what comes up now…

If successful this could be a mess as good as the DNS exploit in the wild these days. This can potentially change the whole view of how the industry thinks about hacks in my opinion. Microsoft will have a quite a lot of work on hands in the coming days, I’m sure. We’ll know more about this in the near future and there even lies possibility of being faced with the prospect of your "secure" server being stripped completely naked of all its protection.

You think its game over for the already struggling Vista?

Bookmark and Share
 
Tags: , , , , ,

Related Posts


  • beppez
    windows vista aslr is break, linux aslr is break and now??????
  • csweep1
    we should be careful not to believe that things are just black and white. All sides are often "right". To me, yeah, whatever the platform is ,it evolves as a result of overcoming its own short-comings. But what pisses me off a little is that this defect is made common knowledge to people all over the world..some of whom think its cool to s**t on everybody else b/c their life sux. It would be a lot more socially responsible not to spread the info about this bug until theres a fix for it (while still giving support for inquiries). Sometimes I think I'm the only person who has had an excellent experience with Vista, and I'm a pretty demanding user (15-20GB/wk used for either new files or software). So far its my favorite OS (2nd is 2000Pro & Nt, HATE XP). Usually I reinstall the OS 1x per 6 months. I've only needed to do it once in 10 so far...swweeet. Guess I'll have to wait and see if anything becomes of this latest threat to Mojave...
  • geeweed
    cool!
  • c4xp
    The more hacked a OS is, the more stable it gets... And this is actually GOOD news ! Imagine being in a some kind of future interplanetary war and completely obliterating our IT infrastructure in 1 blow. I think this is quite foreseeable in the distant future.
    So ... power to the hackers !
  • Dan
    @ BHAVIN

    If Apple were to release a version of OSX for the PC, sales of Macs would drop massively. Nobody in their right mind would spend a fortune on a Mac when they could just as easily buy or build a cheap PC and put OSX on it.
  • Bhavin
    Ok i agree that vista has major blockholes... and microsoft is not a better OS producer...fine
    wat next...i hav heared a lot n would love to use Mac OSX on my pc....then why the hell Apple does'nt release Mac OSX version for PC... i mean if they do so...its their profit...world will put a stop to vista n other OSes...i wish steve will hear this urge from all of us n do as above...

    I hav used mac osx86 kalyway n iAtkos v1...but its not as satisfactory as real one..
  • Yikes! I'm glad I don't have Vista yet.
  • wyldstallyns2589
    Vista eats RAM but it uses makes it so your computer is faster instead of just using what it needs, it will keep data from commonly used programs in the RAM so they will start faster.

    i've also never had a blue screen error since like windows 95 i think.

    and i love the new start menu where you can just type the program you want and hit enter, and i like the breadcrumbs. other than that, it's just looks.
  • PC
    I think this is great. These things should be done more often to get the monopoly of Microsoft down to where it deserves to be.

    Besides, the only thing i find in Vista that is really better than the previous Microsoft OS is the looks. The rest is slow, it is a BlueScreen Nightmare, a memory eater... no wonder the security issues are **** also.
  • IanG
    LOL @ Vista... Oh wait, i use Vista,(shrugs shoulders) oh well i will just use it for online gaming.
  • I really liked the picture of this post. It is very funny. : - )


    ~ Ramesh ~
  • wyldstallyns2589
    why do people want to do this crap anyways? jerks :(
blog comments powered by Disqus