Windows Vista Pwned By Web Exploit That Can’t Be Stopped

Presenters at Black Hat revealed that most, if not all, of Windows Vista’s security features can be taken out with a single browser exploit, using Java and .NET to execute malicious code. What really makes this a killer is that it is based on Vista’s fundamental architecture, not a specific security flaw, and can be executed with any browser vulnerability. As researcher Dino Dai Zovi told SearchSecurity, “that’s completely game over.”


Microsoft programmers are apparently aware of the exploit presentation at Black Hat and are waiting to see the findings themselves. Presented by Mark Dowd and Alexander Sotirov, of IBM and VMware, respectively, the exploit negates key security features such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), which make it difficult to locate and execute code and data. And apparently this exploit is so broad and game-changing that it could be applied to other platforms. OS X, beware? [SearchSecurity via Electronista]
