- Related Stories
-
Piecing together Windows Vista
November 8, 2006 -
Microsoft sends out final test version of Vista
October 6, 2006 -
Vista hacked at Black Hat
August 4, 2006 -
Microsoft gets good reception at Black Hat
August 3, 2006
Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, demonstrated the hack at Black Hat in August. She showed that it was possible to bypass security measures in 64-bit versions of Vista meant to prevent unsigned driver code from running. The bypass could allow the installation of malicious drivers--a serious threat, because they run at a low level in the operating system.
Rutkowska also tried out her exploit on Windows Vista Release Candidate 2, the final test version of the operating system released earlier this month. "It quickly turned out that our exploit doesn't work anymore," Rutkowska wrote on her blog late Thursday.
This is good news, but it might hold some problems. Microsoft appears to have thwarted the attack by blocking write-access to raw disk sectors for applications that run in user-mode, even if they are executed with elevated administrative rights, Rutkowska wrote. "Which is a bad idea," she wrote.
Microsoft's way of blocking the attack can cause compatibility trouble for programs such as disk editors and recovery tools, Rutkowska wrote. Such applications now will need their own, signed kernel-level driver to function, she wrote.
Moreover, Microsoft's way of blocking the attack is not a real solution to the problem, Rutkowska argued. An attacker could hijack a legitimate driver and still do evil, she said. "There is nothing which could stop an attacker from borrowing such a signed driver and using it to perform the?attack," she wrote.
The change that was made was the one that was most appropriate from a "time and impact to product, versus mitigation of the threat" aspect, said Stephen Toulouse, a program manager in Microsoft's Security Technology Unit. "As far as the application compatibility angle, we believe the change won't result in significant app compat issues. Remember, this is on 64-bit versions only," he said in an e-mail.
Toulouse also pointed out that in order for the attack to occur, the attacker must gain administrator rights on the machine. That means her attack would be foiled by Microsoft's user account control, a Vista feature that runs a PC with fewer user privileges. UAC is a key Microsoft effort to prevent malicious code from being able to do as much damage as on a PC running in administrator mode, a typical setting on Windows XP.
"It is very difficult to protect a computer from deliberate actions from its own administrator," Toulouse said. "However we felt that Joanna's technique was something we could implement a change to help prevent."
During her Black Hat presentation, attended by several Microsoft employees, Rutkowska suggest two alternative ways the software maker could fix the Vista problem. "But it seems that Microsoft actually decided to ignore those suggestions and implemented the easiest solution, ignoring the fact that it really doesn't solve the problem," she wrote.
See more CNET content tagged:
Black Hat, Stephen Toulouse, attack, attacker, Microsoft Windows Vista
think after they fix one security issue 5 more follow?
Justin
Say it isn't so!
Toulouse mentioned that the flaw she discovered only works if the user is log in as an admistrator, and to my knowledge by default users will not be administrators. So it would appear that issue is not security related, its more related to user education. Plus I believe that users are not going to administrators by default in Vista, which I think is commonplace for OSX and Linux. It would seem that MS is trying to do the right thing. They should get a pat on the back for trying, since we all know there is no security software to stop a users from doing something they should not be doing.
The original sin of Windows XP and Vista is not lousy security.
The security mechanisms (discretionary access lists - DACL) work, assuming that the user is only given privileges that match his qualifications and possible attack surface. Suppose, there is a flaw in the user's app, for example ICQ or AIM, or Real Player, or Flash, that allows arbitrary code execution. If it is exploited, malicious code is executed and tries to install itself permanently. If an user has proper (limited) privileges, the code cannot install itself, don't even think of installing a privileged component (driver or service).
The same holds for Linux. If some Firefox flaw is exploited and malicious JavaScript runs, it cannot install itself permanently with elevated privileges. Only if the user runs with root privileges (as in Lindows AKA Linspire), the exploit is possible.
Of course there are user mode privilege escalation vulnerabilities, but there's been very few such in Windows. A few are known in Linux, too (see BugTraq).
The biggest mistake of Microsoft was giving new users administrative privileges. This was done because many games and crappy applications (such as ICQ) didn't obey published Windows development guidelines and required write access to privileged directories and registry keys. To avoid people screaming, the new users are all administrators. Then it's no wonder that when 10 or 70 years old clicks Yes when asked if he want this wonderful set of smilies, and the crapware is on the computer. THIS IS THE REAL PROBLEM.
And when are you Microsoft-bashers going to stop to ridiculously give credit and believe in anyone that has something bad to say about Microsoft or Microsoft software? (hint: never)
- Panic mode
- by thedreaming October 24, 2006 10:25 AM PDT
- Microsoft was touting vista as their most secure version yet, then someone at blackhat finds a exploit that's not easy to fix and then Microsoft said, "Look, we blocked it, HA HA, We're Smart, You're Dumb!"
- Like this Reply to this comment
-
(15 Comments)It's very childish, especially since the same person that found the exploit also told them of at least two ways to fix it properly and Microsoft turned them down.