LAS VEGAS -- Microsoft spent a whole day here at the Black Hat conference extolling the security enhancements in its upcoming Vista operating system.
Joanna Rutkowska, a security researcher with security firm Coseinc, spent a day picking it apart.
Then again, what else would you expect from a session at a hacker convention titled: "Subverting Vista Kernel For Fun And Profit"?
Rutkowska took the stage in front of a capacity audience and proceeded to explain how to get around Vista.
She demonstrated two potential attack vectors. One could allow unsigned code to be loaded into the Vista kernel. The second vector involved taking advantage of AMD's Pacific Hardware Virtualization to inject a new form of super malware that Rutkowska claimed to be undetectable.
Rutkowska's Vista kernel attack did not rely on any known bugs in Vista, which is still in beta testing. She stressed that her demonstration did not rely on any implementation bug nor any undocumented Windows Vista functionality.
She characterized her approaches as "legal," using documented SDK (define) features.
One of the new features in Vista Beta 2 is that it requires all kernel mode drivers to be signed. The general idea is to prevent malware from being injected. Rutkowska's effort suggested that Microsoft still has some work to do on this feature.
Rutkowska's method for injecting unsigned (and therefore potentially malicious) drivers into the Vista kernel involved taking advantage of paged memory to bypass Vista security.
In her demo, the shellcode used disabled signature checking, thus allowing any unsigned driver to be subsequently loaded. Taking her attack a step further, she implemented a one-click tool, which she called "Kernelstike" to execute her Vista kernel exploit.
Call it fresh meat for sharks: The audience erupted into spontaneous applause, followed by whoops and woo-hoos throughout her demonstration.
"The fact that this mechanism was bypassed doesn't mean Vista is insecure. It just means it's just not as secure as advertised," Rutkowska said.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.