Feeds

Stealth attack undermines Vista defences

Root cause analysis

The essential guide to IT transformation

Researchers have demonstrated how to bypass security protections in order to inject potentially hostile code into the kernel of prototype versions of Windows.

The demonstration by Joanna Rutkowska, a senior security researcher with Coseinc, highlighted the possibility of loading arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thereby circumventing Vista's policy of only allowing digitally-signed code to load into the kernel.

The attack, presented at the Black Hat conference in Las Vegas last week, can be performed "on the fly" (i.e. no reboot is necessary) but it does require admin privileges, unlike most malware attacks that are equally successful in conventional user mode.

Used successfully, the attack creates a means to install a rootkit (contained in an unsigned device driver) onto compromised hosts by disabling Vista's signature-checking function, Information Week reports. Disabling kernel memory paging could be implemented among a number of workarounds against the attack, she added.

Rutkowska also demonstrated her previously announced technology for creating stealth malware, Blue Pill, which uses the latest virtualisation technology from AMD - Pacifica - to inject potentially hostile code by stealth, under the radar of conventional security defences, onto a server.

Although Vista wasn't as secure as Microsoft would have us believe, Rutkowska commented that Microsoft had done a good job with the OS, adding that her attack didn't mean Vista was inherently insecure.

Microsoft director of Windows product management Austin Wilson was among the delegates who attended Rutkowska's well received presentation on Thursday, Information Week reports.

Wilson said correcting the security shortcomings highlighted by Rutkowska was on Microsoft's development road map for Vista. He added that the driver-signing function was only implemented by default on 64-bit versions of the OS.

Microsoft is going out of its way to reach out to the security community in its attempts to improve the security of Vista prior to its release, now expected early next year.

Microsoft director of security outreach Andrew Cushman began the week by encouraging ethical hackers to poke holes at the OS.

Later, Microsoft security group manager John Lambert explained the security development process behind Vista, claiming the OS had been through the biggest penetration testing effort ever mounted against an operating system. Redmond had recruited more than 20 security researchers to give Vista a "body-cavity search", he said. ®

Next gen security for virtualised datacentres

More from The Register

next story
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?