<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title><![CDATA[[SecurityRatty] tag: dep]]></title>
    <link>http://securityratty.com/tag/dep</link>
    <description></description>
    <pubDate>Sat, 10 May 2008 04:13:07 +0000</pubDate>
    <generator>iRatty Engine</generator>
    <docs>http://blogs.law.harvard.edu/tech/rss</docs>
    <item>
      <title><![CDATA[Bypassing Microsoft Vista's Memory Protection]]></title>
      <link>http://securityratty.com/article/217d89845b1fa03c96297819ebb76520</link>
      <guid>http://securityratty.com/article/217d89845b1fa03c96297819ebb76520</guid>
      <description><![CDATA[This is huge: Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in...]]></description>
      <content:encoded><![CDATA[<p><a href="http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html">This</a> is huge:</p>

<blockquote>Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

<p>In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.</p>

<p>By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.</p></blockquote>

<p>Paper <a href="http://taossa.com/archive/bh08sotirovdowd.pdf">here</a>.</p>]]></content:encoded>
      <pubDate>Mon, 11 Aug 2008 12:26:11 +0000</pubDate>
      <category domain="http://securityratty.com/tag/load">load</category>
      <category domain="http://securityratty.com/tag/load arbitrary content">load arbitrary content</category>
      <category domain="http://securityratty.com/tag/content">content</category>
      <category domain="http://securityratty.com/tag/net objects">net objects</category>
      <category domain="http://securityratty.com/tag/black hat briefings">black hat briefings</category>
      <category domain="http://securityratty.com/tag/browsers">browsers</category>
      <category domain="http://securityratty.com/tag/memory protection safeguards">memory protection safeguards</category>
      <category domain="http://securityratty.com/tag/data execution prevention">data execution prevention</category>
      <category domain="http://securityratty.com/tag/entire technology industry">entire technology industry</category>
      <source url="http://www.schneier.com/blog/archives/2008/08/bypassing_micro.html">Bypassing Microsoft Vista's Memory Protection</source>
    </item>
    <item>
      <title><![CDATA[Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption]]></title>
      <link>http://securityratty.com/article/a5ef3fac42280b513c7c8d31f1a499be</link>
      <guid>http://securityratty.com/article/a5ef3fac42280b513c7c8d31f1a499be</guid>
      <description><![CDATA[New Video: Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption
I've recently become interested in measures that modern CPUs can...]]></description>
      <content:encoded><![CDATA[<b>New Video:</b> <a href="http://irongeek.com/i.php?page=videos/using-data-execution-prevention-dep-in-windows-xp-and-vista">Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption</a><br>
&nbsp;I’ve recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intel’s term), which allows for memory pages to be
marked as not executable. Microsoft Windows started using this ability with XP
SP2 as part of their Data Execution Prevention (DEP) feature. Unfortunately, to
get the most out of DEP you have to configure it. This video will show how to
configure DEP protection in Windows XP and Vista.
]]></content:encoded>
      <pubDate>Sun, 08 Jun 2008 20:36:29 +0000</pubDate>
      <category domain="http://securityratty.com/tag/dep">dep</category>
      <category domain="http://securityratty.com/tag/data execution prevention">data execution prevention</category>
      <category domain="http://securityratty.com/tag/memory corruption">memory corruption</category>
      <category domain="http://securityratty.com/tag/windows">windows</category>
      <category domain="http://securityratty.com/tag/configure dep protection">configure dep protection</category>
      <category domain="http://securityratty.com/tag/configure">configure</category>
      <category domain="http://securityratty.com/tag/memory corruption attacks">memory corruption attacks</category>
      <category domain="http://securityratty.com/tag/vista">vista</category>
      <category domain="http://securityratty.com/tag/buffer overflows">buffer overflows</category>
      <source url="http://feeds.feedburner.com/~r/IrongeeksSecuritySite/~3/307708597/i.php">Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption</source>
    </item>
    <item>
      <title><![CDATA[Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption]]></title>
      <link>http://securityratty.com/article/a9a090d025173f22251ad2d7caf4ad62</link>
      <guid>http://securityratty.com/article/a9a090d025173f22251ad2d7caf4ad62</guid>
      <description><![CDATA[New Video: Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption
I've recently become interested in measures that modern CPUs can...]]></description>
      <content:encoded><![CDATA[<b>New Video:</b> <a href="http://irongeek.com/i.php?page=videos/using-data-execution-prevention-dep-in-windows-xp-and-vista">Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption</a><br>
&nbsp;I’ve recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intel’s term), which allows for memory pages to be
marked as not executable. Microsoft Windows started using this ability with XP
SP2 as part of their Data Execution Prevention (DEP) feature. Unfortunately, to
get the most out of DEP you have to configure it. This video will show how to
configure DEP protection in Windows XP and Vista.]]></content:encoded>
      <pubDate>Sun, 08 Jun 2008 20:36:29 +0000</pubDate>
      <category domain="http://securityratty.com/tag/dep">dep</category>
      <category domain="http://securityratty.com/tag/data execution prevention">data execution prevention</category>
      <category domain="http://securityratty.com/tag/memory corruption">memory corruption</category>
      <category domain="http://securityratty.com/tag/windows">windows</category>
      <category domain="http://securityratty.com/tag/configure dep protection">configure dep protection</category>
      <category domain="http://securityratty.com/tag/configure">configure</category>
      <category domain="http://securityratty.com/tag/memory corruption attacks">memory corruption attacks</category>
      <category domain="http://securityratty.com/tag/vista">vista</category>
      <category domain="http://securityratty.com/tag/buffer overflows">buffer overflows</category>
      <source url="http://feedproxy.google.com/~r/IrongeeksSecuritySite/~3/SQcMieqywPc/i.php">Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption</source>
    </item>
    <item>
      <title><![CDATA[IE8 ActiveX Improvements]]></title>
      <link>http://securityratty.com/article/c545b949f77cb223b6ef519a70a7e1a3</link>
      <guid>http://securityratty.com/article/c545b949f77cb223b6ef519a70a7e1a3</guid>
      <description><![CDATA[The IE team has announced some more about ActiveX improvements in Internet Explorer 8. Some of the blog is about old features, but there are some new ones: Per-User (Non-Admin) ActiveX, available only...]]></description>
      <content:encoded><![CDATA[<a href="http://blogs.msdn.com/ie/archive/2008/05/07/ie8-security-part-ii-activex-improvements.aspx">The IE team has announced some more about ActiveX improvements in Internet Explorer 8.</a>

Some of the blog is about old features, but there are some new ones: Per-User (Non-Admin) ActiveX, available only on Vista, means that it's possible for users to install an ActiveX control only for their own user context, not for the machine. It sounds like this will be on by default, but administrators can turn it off through Group Policy. You can already see from the comments to the blog entry that some people wanted this, and I guess it's a good thing.

Through Per-Site ActiveX a control may be restricted to use only in the context of specific sites. If a control is run by a site not in the list, the user gets an information bar asking whether they want to allow it to run in that context. Administrators can control all of this, including pre-populating a list of controls and permitted sites.

That's it for the really new stuff, although the blog reiterates some other powerful security features. For instance, MS already announced that <A href="http://blogs.pcmag.com/securitywatch/2008/04/ie8_will_have_dep_on_by_defaul.php">IE8 will have DEP on by default</A>, which will defeat a huge proportion of vulnerabilities.<br style="clear: both;"/>
]]></content:encoded>
      <pubDate>Sat, 10 May 2008 04:13:07 +0000</pubDate>
      <category domain="http://securityratty.com/tag/activex">activex</category>
      <category domain="http://securityratty.com/tag/control">control</category>
      <category domain="http://securityratty.com/tag/site">site</category>
      <category domain="http://securityratty.com/tag/activex control">activex control</category>
      <category domain="http://securityratty.com/tag/per-site activex">per-site activex</category>
      <category domain="http://securityratty.com/tag/activex improvements">activex improvements</category>
      <category domain="http://securityratty.com/tag/user context">user context</category>
      <category domain="http://securityratty.com/tag/context">context</category>
      <category domain="http://securityratty.com/tag/blog entry">blog entry</category>
      <source url="http://feeds.ziffdavisenterprise.com/~r/RSS/cheap_hack/~3/287465793/ie8_activex_improvements.html">IE8 ActiveX Improvements</source>
    </item>
  </channel>
</rss>
