.

Microsoft Blocks Vista Rootkit Exploit

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Oct 20, 2006 2:19 pm

Microsoft Blocks Vista Rootkit Exploit

Microsoft has blocked the attack vector used to slip unsigned drivers past new security policies being implemented in Windows Vista, according to Joanna Rutkowska, the stealth malware researcher who created the exploit.

Rutkowska, who demonstrated the exploit at the Black Hat conference in August, said she tested the attack against Windows Vista RC2 x64 and found that the exploit doesn't work anymore.

"The reason: Vista RC2 now blocks write-access to raw disk sectors for user mode applications, even if they are executed with elevated administrative rights," Rutkowska wrote on her Invisible Things blog.

Rutkowska, a Windows Internals expert at Singapore-based IT security firm COSEINC, however warned that the way the exploit is being blocked could be problematic and cause application compatibility issues.

During her Black Hat presentation, which was attended by then Microsoft security chief Ben Fathi, Rutkowska described how scripts can be used to allocate excess amounts of memory to a process, forcing the target system to page out unused code and drivers. She also showed how shell code could be executed inside one of the unused drivers, completely defeating a new anti-rootkit policy that only allows digitally signed drivers to load into the Vista kernel.


For full story:
http://www.eweek.com/article2/0,1895,2034336,00.asp

Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Fri Oct 20, 2006 10:27 pm

Re: Microsoft Blocks Vista Rootkit Exploit

one one hand i am happy they fixes an attack vector

on the other hand, i dont enjoy the fact that OS level remote exploits are drying up.

i want to have job security and remote exploits, worms, and viruses equal job security.

personally i am surprised that all these "blackhats" agreed to lock down microsoft's new OS, friggin totally selling out. they really screwed themselves out of money in the long run, but sometimes i guess you got to get your 15 minutes of fame...

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software