Friday, February 01, 2008

Changes to No eXecute (DEP) to Change Cutting Edge Microsoft Hacking

Microsoft will be releasing XP Service Pack 3, Vista Service Pack 1, and Server 2008 in the near future. One of the value-added features is a set of enhancements designed to allow more use of DEP. The idea is to extend DEP protection to as much code as possible while working around legacy code that uses ATL.

So on the surface this sounds like it will protect more code, but does it now make disabling DEP easier for an attacker? Are more third-party applications going to expose this as a disable-DEP configuration option and weaken the practical security posture of a system?

Michael Howard's blog

It will be interesting to see if this simplifies the now changing EIP via a vulnerability. If it doesn't make return2libc-style exploits easier, it will at least make some more reliable (such as the proof of concept for MS08-001). I'm hoping to spend some time on the details in the next couple of weeks, but teaching SANS Security 504 in Calgary, AB is my priority.
