Windows Vista security broken?

If a new report on security in Vista is true, Microsoft has a big headache. Neowin reports:

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of objects, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”

Microsoft has heavily emphasized the supposed security of Vista as one of its biggest selling points. It will be very important to see how the company handles this development. From reading some comments, I get the impression that, while not good, things may not be quite as apocalyptic as the citation above suggests. One comment says:

If you use Vista as an administrator with UAC disabled (no protected mode in IE), and there is a flaw in IE or Firefox, the flaw will be exploited as successfully as under Windows XP.

So, Windows Vista with UAC enabled and IE protected mode enabled is still more secure than Windows XP, and users are not more at risk than before.

UAC and protected mode are still efficient, so these hackers are clearly lying when they say that Vista security systems are now completely useless, since UAC and protected mode are the two best protection features in Vista. Those that have been defeated were only minor protection features.

So it remains to be seen exactly how serious this problem is.

Update: An article, The sky isn’t falling: a look at a new Vista security bypass, gives a good discussion about what is and isn’t broken in Vista security. Its conclusion:

Even with the attacks described in the paper, Vista has many worthwhile security improvements compared to XP. Internet Explorer on Vista runs in a highly restricted environment, so that even when it is running malicious code it cannot harm the system. Stories suggesting that Vista’s security is now irredeemably broken are far off the mark; the truth is merely that some of its automatic security protection is less effective than it was before.

Still, it puts a dent in Microsoft’s bragging about Vista’s greater security.


Comments

Thanks for pointing out this possible security problem.

If I use Firefox and with the NoScript add-on am I protected from this problem?

I do not know enough to see what all the implications of this security breach might be. However, if some of the comments that I have read are accurate, careful PC users are no less safe than they have been all along. Some safety features of Vista can be breached but, according to some of the comments, UAC and protected mode in IE7 are still effective. I imagine more information will appear soon.

As far as Firefox and NoScript are concerned, I would think that this new problem does not apply.
