By Joris Evers
Posted on ZDNet News: Oct 21, 2006 12:29:00 AM

Microsoft has changed Windows Vista to prevent a hack that was demonstrated at a high-profile security event this summer, but the fix may spell trouble.

Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, demonstrated the hack at Black Hat in August. She showed that it was possible to bypass security measures in 64-bit versions of Vista meant to prevent unsigned driver code from running. The bypass could allow the installation of malicious drivers--a serious threat, because they run at a low level in the operating system.

Rutkowska also tried out her exploit on Windows Vista Release Candidate 2, the final test version of the operating system released earlier this month. "It quickly turned out that our exploit doesn't work anymore," Rutkowska wrote on her blog late Thursday.

This is good news, but it might hold some problems. Microsoft appears to have thwarted the attack by blocking write-access to raw disk sectors for applications that run in user-mode, even if they are executed with elevated administrative rights, Rutkowska wrote. "Which is a bad idea," she wrote.

Microsoft's way of blocking the attack can cause compatibility trouble for programs such as disk editors and recovery tools, Rutkowska wrote. Such applications now will need their own, signed kernel-level driver to function, she wrote.

Moreover, Microsoft's way of blocking the attack is not a real solution to the problem, Rutkowska argued. An attacker could hijack a legitimate driver and still do evil, she said. "There is nothing which could stop an attacker from borrowing such a signed driver and using it to perform the…attack," she wrote.

The change that was made was the one that was most appropriate from a "time and impact to product, versus mitigation of the threat" aspect, said Stephen Toulouse, a program manager in Microsoft's Security Technology Unit. "As far as the application compatibility angle, we believe the change won't result in significant app compat issues. Remember, this is on 64-bit versions only," he said in an e-mail.

Toulouse also pointed out that in order for the attack to occur, the attacker must gain administrator rights on the machine. That means her attack would be foiled by Microsoft's user account control, a Vista feature that runs a PC with fewer user privileges. UAC is a key Microsoft effort to prevent malicious code from being able to do as much damage as on a PC running in administrator mode, a typical setting on Windows XP.

"It is very difficult to protect a computer from deliberate actions from its own administrator," Toulouse said. "However we felt that Joanna's technique was something we could implement a change to help prevent."

During her Black Hat presentation, attended by several Microsoft employees, Rutkowska suggested two alternative ways the software maker could fix the Vista problem. "But it seems that Microsoft actually decided to ignore those suggestions and implemented the easiest solution, ignoring the fact that it really doesn't solve the problem," she wrote.
