Microsoft Blocks Windows Vista Rootkit Exploit - TechAmok
[security] 06:41 PM EDT - Oct,20 2006

Microsoft has blocked the attack vector used to slip unsigned drivers past new security policies being implemented in Windows Vista, according to Joanna Rutkowska, the stealth malware researcher who created the exploit. Rutkowska, who demonstrated the exploit at the Black Hat conference in August, said she tested the attack against Windows Vista RC2 x64 and found that the exploit doesn't work anymore. "The reason: Vista RC2 now blocks write-access to raw disk sectors for user mode applications, even if they are executed with elevated administrative rights," Rutkowska wrote on her Invisible Things blog.

Rutkowska, a Windows Internals expert at Singapore-based IT security firm COSEINC, warned, however, that the way the exploit is being blocked could be problematic and cause application compatibility issues.
Imagine a company wanting to release e.g. a disk editor. Now, with the blocked write access to raw disk sectors from usermode, the company would have to provide their own custom, but 100% legal, kernel driver for allowing their, again 100% legal, application (disk editor), to access those disk sectors, right? Of course, the disk editor's auxiliary driver would have to be signed - after all it's a legal driver, designed for legal purposes and ideally having neither implementation nor design bugs! But, on the other hand, there is nothing which could stop an attacker from "borrowing" such a signed driver and using it to perform the pagefile attack. The point here is, again, there is no bug in the driver, so there is no reason for revoking a signature of the driver. Even if we discovered that such driver is actually used by some people to conduct the attack! But it seems that MS actually decided to ignore those suggestions and implemented the easiest solution, ignoring the fact that it really doesn't solve the problem…