Feeds

MS downplays SP2 vuln risk

NX protection concern

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Microsoft is downplaying the significance of research that suggests support for revamped memory protection in Win XP SP2 will fail to block a common type of security attack. Alexander Anisimov of Russian security firm Positive Technologies last week published a paper explaining how the data execution protection (DEP) and heap overflow protection features that debuted in Windows XP SP2 can be bypassed.

This execution protection (NX) technology - which is only supported by a limited number of processors including AMD K8, Intel Itanium and some Xeon processors - is designed to thwart buffer overrun attacks. Buffer overflows are a perennial source of software security problems that often feature in Windows security exploits. The infamous Sasser worm, for example, used a buffer overflow flaw in Windows' Local Security Authority Subsystem Service to spread.

Microsoft's NX protection is designed to make it more difficult for crackers to inject malicious code into memory but Positive Technologies' MaxPatrol security scanner research team found a chink in these defences, outlined in Anisimov's paper.

Positive Technologies said it discovered the problem in October 2004, notified Microsoft in December and went public last week. In a statement, Microsoft said that "early analysis" indicates that attempts to bypass its newly-introduced memory protection technology are "not a security vulnerability". It said it never claimed the technology was foolproof.

"An attacker cannot use this method by itself to attempt to run malicious code on a user’s system. There is no attack that utilizes this, and customers are not at risk from the situation," it said.

"It’s important to note that DEP and heap overflow protection are not designed to protect against all kinds of malicious code exploits. These features effectively address the exploits that they were designed to prevent and make it more difficult for an attacker to run malicious software on the computer as the result of a buffer overrun. We will continue to modify these technologies as appropriate to improve them and will evaluate ways to mitigate against this method of bypass while retaining performance on the system, either through an update as part of our monthly bulletin release process, or in a service pack," it adds.

Microsoft continues to urge customers to load Windows XP Service Pack 2 as a defence against security attacks. ®

Related stories

MS bigs up Windows XP SP2
Intel 'Nocona' Xeon to get 'no execute' support
WinXP SP2 = security placebo?
Exploit code attacks unpatched IE bug

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.