Researchers use browser to elude Vista memory protections (SearchSecurity)

[Drew Wilson]

LAS VEGAS -- Two security researchers have developed new techniques that bypass the memory protection safeguards in the Windows Vista operating system through the use of browser exploits.

In a presentation at the Black Hat briefings, Mark Dowd and Alexander Sotirov demonstrated the new methods they've found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.

In their presentation at Black Hat., Dowd and Sotirov stressed that despite their advances in getting around the Vista memory protections, there are still a number of security mechanisms in place in the operating system to mitigate attacks. Internet Explorer running in Protected Mode, for example, can protect against attacks that overwrite some files. Also, some of the pair's attacks will be addressed in future versions of third-party software, including Flash, which will opt into ASLR in its next release.

More..

Via Bruce Schneier's Blog

Looks like Bruce disagrees with Arstechnica on this and suggests that this is actually a serious issue. Interesting.

[Drew Wilson]

Update: Posted just a few hours ago. Interview with the researchers:

Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out (ZDNet)