Microsoft has changed Windows Vista to prevent a hack that was demonstrated at a high-profile security event this summer, but the fix may spell trouble.
Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, demonstrated the hack at Black Hat in August. She showed that it was possible to bypass security measures in 64-bit versions of Vista meant to prevent unsigned driver code from running. The bypass could allow the installation of malicious drivers, a serious threat because drivers run in kernel mode, at the lowest level of the operating system.
Rutkowska also tried out her exploit on Windows Vista Release Candidate 2, the final test version of the operating system released earlier this month. "It quickly turned out that our exploit doesn't work anymore," Rutkowska wrote on her blog late Thursday.
This is good news, but it may bring problems of its own. Microsoft appears to have thwarted the attack by blocking write access to raw disk sectors for applications that run in user mode, even when they are executed with elevated administrative rights, Rutkowska wrote. "Which is a bad idea," she wrote.
Microsoft's way of blocking the attack can cause compatibility trouble for programs such as disk editors and recovery tools, Rutkowska wrote. Such applications now will need their own, signed kernel-level driver to function, she wrote.
Moreover, Microsoft's way of blocking the attack is not a real solution to the problem, Rutkowska argued. An attacker could hijack a legitimate driver and still do evil, she said. "There is nothing which could stop an attacker from borrowing such a signed driver and using it to perform the attack," she wrote.
The change that was made was the one that was most appropriate from a "time and impact to product, versus mitigation of the threat" aspect, said Stephen Toulouse, a program manager in Microsoft's Security Technology Unit. "As far as the application compatibility angle, we believe the change won't result in significant app compat issues. Remember, this is on 64-bit versions only," he said in an e-mail.
Toulouse also pointed out that in order for the attack to occur, the attacker must gain administrator rights on the machine. That means her attack would be foiled by Microsoft's user account control, a Vista feature that runs a PC with fewer user privileges. UAC is a key Microsoft effort to prevent malicious code from being able to do as much damage as on a PC running in administrator mode, a typical setting on Windows XP.
"It is very difficult to protect a computer from deliberate actions from its own administrator," Toulouse said. "However we felt that Joanna's technique was something we could implement a change to help prevent."
During her Black Hat presentation, attended by several Microsoft employees, Rutkowska suggested two alternative ways the software maker could fix the Vista problem. "But it seems that Microsoft actually decided to ignore those suggestions and implemented the easiest solution, ignoring the fact that it really doesn't solve the problem," she wrote.
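The change described above is something an administrator can probe directly. The following PowerShell script is an added example, not code from the article, from Rutkowska or from Microsoft: it opens a physical drive from user mode first for read and then for read+write, reports whether each open succeeds and the Win32 error when it does not, and reads only the first sector to confirm the handle really reaches the disk. The device name `\\.\PhysicalDrive0` and the elevated prompt are assumptions; the script never calls WriteFile, so it cannot damage the disk. Note that on some Windows versions the raw-sector restriction surfaces only when a write is attempted rather than at open time, so a successful read+write open here does not by itself prove that sector writes would go through.

```powershell
# Added example: probe user-mode access to raw disk sectors. Not from the article.
# Assumes an elevated PowerShell prompt and a first disk at \\.\PhysicalDrive0.
$signature = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern Microsoft.Win32.SafeHandles.SafeFileHandle CreateFileW(
    string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes,
    uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadFile(Microsoft.Win32.SafeHandles.SafeFileHandle hFile, byte[] lpBuffer,
    uint nNumberOfBytesToRead, out uint lpNumberOfBytesRead, IntPtr lpOverlapped);
'@
$Kernel32 = Add-Type -MemberDefinition $signature -Name 'Native' -Namespace 'RawDiskProbe' -PassThru

function Test-RawDiskOpen {
    param(
        [string]$Device = '\\.\PhysicalDrive0',   # assumed device name
        [switch]$Write
    )
    $GENERIC_READ  = [uint32]0x80000000
    $GENERIC_WRITE = [uint32]0x40000000
    $SHARE_RW      = [uint32]3                  # FILE_SHARE_READ | FILE_SHARE_WRITE
    $OPEN_EXISTING = [uint32]3

    $access = $GENERIC_READ
    if ($Write) { $access = [uint32]($access -bor $GENERIC_WRITE) }
    $accessName = if ($Write) { 'read+write' } else { 'read' }

    $handle = $Kernel32::CreateFileW($Device, $access, $SHARE_RW, [IntPtr]::Zero,
                                     $OPEN_EXISTING, 0, [IntPtr]::Zero)
    # GetLastWin32Error must be read before any other call that could overwrite it.
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    $opened = -not $handle.IsInvalid

    $result = [pscustomobject]@{
        Device     = $Device
        Access     = $accessName
        Opened     = $opened
        Win32Error = if ($opened) { 0 } else { $err }   # 5 = ERROR_ACCESS_DENIED
        Sector0MBR = $null
    }

    if ($opened) {
        # Reading 512 bytes is harmless and shows the handle reaches the raw sectors.
        $buffer = New-Object byte[] 512
        $read = [uint32]0
        if ($Kernel32::ReadFile($handle, $buffer, 512, [ref]$read, [IntPtr]::Zero) -and $read -eq 512) {
            # 0x55 0xAA at offset 510 is the classic boot-sector signature.
            $result.Sector0MBR = ($buffer[510] -eq 0x55 -and $buffer[511] -eq 0xAA)
        }
        $handle.Close()
    }
    $result
}

Test-RawDiskOpen
Test-RawDiskOpen -Write
```

Run it once from an unelevated prompt and once from an elevated one. An Opened value of False with Win32Error 5 from the unelevated prompt is the user account control behaviour Toulouse refers to below: without administrator rights the raw device cannot even be opened, so the attack's first step never happens. Whether the elevated read+write open is then refused, or accepted only to have the later sector write fail, is the part of the behaviour that Microsoft changed between builds, and the script reports the open result so that difference is visible without risking a write. Because Add-Type cannot redefine a type, run the script in a fresh session if you edit it.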
Seems like the author gives carte blanche credibility to the "researcher". c/net has an obvious penchant to "report" almost anything negative concerning MSFT to the point they have lost most of their credibility, for me.
Why question the credibility of the researcher? It's not like they kept the security hole to themselves. No she gave the info freely at a conference which MSFT attended and they ignored it. It's not her fault and maybe you shouldn't bash her just because she attends a black hat convention.
"Toulouse also pointed out that in order for the attack to occur, the attacker must gain administrator rights on the machine. That means her attack would be foiled by Microsoft's user account control, a Vista feature that runs a PC with fewer user privileges."
Toulouse mentioned that the flaw she discovered only works if the user is logged in as an administrator, and to my knowledge by default users will not be administrators. So it would appear that the issue is not security related, it's more related to user education. Plus I believe that users are not going to be administrators by default in Vista, which I think is commonplace for OSX and Linux. It would seem that MS is trying to do the right thing. They should get a pat on the back for trying, since we all know there is no security software to stop a user from doing something they should not be doing.
Code which runs in the kernel should generally be trusted, because it runs with almighty privileges. Users running with administrator or root privileges are entitled by definition to control what's loaded.
The original sin of Windows XP and Vista is not lousy security.
The security mechanisms (discretionary access control lists - DACLs) work, assuming that the user is only given privileges that match his qualifications and possible attack surface. Suppose there is a flaw in the user's app, for example ICQ or AIM, or Real Player, or Flash, that allows arbitrary code execution. If it is exploited, malicious code is executed and tries to install itself permanently. If a user has proper (limited) privileges, the code cannot install itself, let alone install a privileged component (driver or service).
The same holds for Linux. If some Firefox flaw is exploited and malicious JavaScript runs, it cannot install itself permanently with elevated privileges. Only if the user runs with root privileges (as in Lindows AKA Linspire) is the exploit possible.
Of course there are user mode privilege escalation vulnerabilities, but there have been very few of those in Windows. A few are known in Linux, too (see BugTraq).
The biggest mistake of Microsoft was giving new users administrative privileges. This was done because many games and crappy applications (such as ICQ) didn't obey published Windows development guidelines and required write access to privileged directories and registry keys. To avoid people screaming, the new users are all administrators. Then it's no wonder that when a 10- or 70-year-old clicks Yes when asked if he wants this wonderful set of smilies, the crapware is on the computer. THIS IS THE REAL PROBLEM.
When it releases Windows Vista. And when are you Microsoft-bashers going to stop ridiculously giving credit to and believing anyone that has something bad to say about Microsoft or Microsoft software? (hint: never)
Microsoft was touting Vista as their most secure version yet, then someone at Black Hat finds an exploit that's not easy to fix and then Microsoft said, "Look, we blocked it, HA HA, We're Smart, You're Dumb!"
It's very childish, especially since the same person that found the exploit also told them of at least two ways to fix it properly and Microsoft turned them down.
Think after they fix one security issue 5 more follow?
Justin
Say it isn't so!