Hacker Conference Takes Vista to Task

HomeSecurity
Sean Michael Kerner
By Sean Michael Kerner

LAS VEGAS — Microsoft spent a whole day here at the Black Hat conference extolling the security enhancements in its upcoming Vista operating system.

Joanna Rutkowska, a security researcher with security firm Coseinc, spent a day picking it apart.

Then again, what else would you expect from a session at a hacker convention titled: “Subverting Vista Kernel For Fun And Profit”?

Rutkowska took the stage in front of a capacity audience and proceeded to explain how to get around Vista.

She demonstrated two potential attack vectors. One could allow unsigned code to be loaded into the Vista kernel. The second vector involved taking advantage of AMD’s Pacific Hardware Virtualization to inject a new form of super malware that Rutkowska claimed to be undetectable.

Rutkowska’s Vista kernel attack did not rely on any known bugs in Vista, which is still in beta testing. She stressed that her demonstration did not rely on any implementation bug nor any undocumented Windows Vista functionality.

She characterized her approaches as “legal,” using documented SDK (define) features.

One of the new features in Vista Beta 2 is that it requires all kernel mode drivers to be signed. The general idea is to prevent malware from being injected. Rutkowska’s effort suggested that Microsoft still has some work to do on this feature.

Rutkowska’s method for injecting unsigned (and therefore potentially malicious) drivers into the Vista kernel involved taking advantage of paged memory to bypass Vista security.

In her demo, the shellcode used disabled signature checking, thus allowing any unsigned driver to be subsequently loaded. Taking her attack a step further, she implemented a one-click tool, which she called “Kernelstike” to execute her Vista kernel exploit.

Call it fresh meat for sharks: The audience erupted into spontaneous applause, followed by whoops and woo-hoos throughout her demonstration.

“The fact that this mechanism was bypassed doesn’t mean Vista is insecure. It just means it’s just not as secure as advertised,” Rutkowska said.

This article was first published on internetnews.com, a JupiterWeb site. To read the entire article, click here.

Previous article
What’s Up With WiMAX?
Next article
NAC? NAP? Neither? Probably Both.

Similar articles

Get the Free Newsletter!
Subscribe to Data Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Data Insider for top news, trends & analysis
This email address is invalid.

Latest Articles

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation’s focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.