The malicious code not only negates the effectiveness of Vista's Address Space Layout Randomization and Data Execution Prevention technologies, which respectively randomize the location of some code in memory and prevent executing code from outside a certain memory space, but specifically abuses their behavior to ensure an attack gets through.
Microsoft is also unlikely to have any way of patching against the approach, since it can be reused whenever another vulnerability is found in a web browser. Such programs are also often the one Internet-based program that is often unblocked by security software and would thus thwart simple defense mechanisms such as blocking network ports or program permissions.
The technique is also characterized as generic enough that it can run in other environments and on other platforms, although it's uncertain whether this would permit a variant to attack a non-Windows OS or simply other programs within Windows.
Microsoft knows of the exploit's existence but hasn't been given a private briefing; the company is currently waiting on a public elaboration on the full details of how the exploit works.
The discovery of the security potentially undermines much of Microsoft's marketing effort for Vista, which has regularly centered around security. The company has suffered previous blows to its reputation through Windows XP exploits such as the Blaster worm, whose rapid spread in 2003 prompted public concern and a new effort on the part of Microsoft to emphasize security over convenience.
No comments:
Post a Comment