Feeds

Stealth attack undermines Vista defences

Root cause analysis

Internet Security Threat Report 2014

Researchers have demonstrated how to bypass security protections in order to inject potentially hostile code into the kernel of prototype versions of Windows.

The demonstration by Joanna Rutkowska, a senior security researcher with Coseinc, highlighted the possibility of loading arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thereby circumventing Vista's policy of only allowing digitally-signed code to load into the kernel.

The attack, presented at the Black Hat conference in Las Vegas last week, can be performed "on the fly" (i.e. no reboot is necessary) but it does require admin privileges, unlike most malware attacks that are equally successful in conventional user mode.

Used successfully, the attack creates a means to install a rootkit (contained in an unsigned device driver) onto compromised hosts by disabling Vista's signature-checking function, Information Week reports. Disabling kernel memory paging could be implemented among a number of workarounds against the attack, she added.

Rutkowska also demonstrated her previously announced technology for creating stealth malware, Blue Pill, which uses the latest virtualisation technology from AMD - Pacifica - to inject potentially hostile code by stealth, under the radar of conventional security defences, onto a server.

Although Vista wasn't as secure as Microsoft would have us believe, Rutkowska commented that Microsoft had done a good job with the OS, adding that her attack didn't mean Vista was inherently insecure.

Microsoft director of Windows product management Austin Wilson was among the delegates who attended Rutkowska's well received presentation on Thursday, Information Week reports.

Wilson said correcting the security shortcomings highlighted by Rutkowska was on Microsoft's development road map for Vista. He added that the driver-signing function was only implemented by default on 64-bit versions of the OS.

Microsoft is going out of its way to reach out to the security community in its attempts to improve the security of Vista prior to its release, now expected early next year.

Microsoft director of security outreach Andrew Cushman began the week by encouraging ethical hackers to poke holes at the OS.

Later, Microsoft security group manager John Lambert explained the security development process behind Vista, claiming the OS had been through the biggest penetration testing effort ever mounted against an operating system. Redmond had recruited more than 20 security researchers to give Vista a "body-cavity search", he said. ®

Internet Security Threat Report 2014

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.