August 08, 2008
Vista Security Issues

OMG a Vista exploit! This one sounds different though as the neowin article claims Vista's Security is Rendered Completely Useless by it. Somehow I think it might be over-exaggerating a bit, however if it is as big an issue as they claim (in that there's not much MS can do about it), maybe it has changed the game a bit.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser.

The way it sounds is that it's a browser attack, which means IE, so the solution might be similar to the last time IE was found to have huge holes and the recommendation from MS will be to turn off all scripting. There's nothing actually out in the wild yet, so at this point it's a theoretical thing that smart people have come up with but no one has actually seen (like black holes I guess).

To help guard against such things, here's a link to a browser that you'll be happier with if you're an IE user :)

Of course, depending on what side of the fence you are on OS leanings-wise, this is either BS or the first sign of the MS demise. OS News has people from both sides in the comments.





Posted by Arcterex at August 08, 2008 01:48 PM