
Posted

A group of security researchers has succeeded in bypassing important security measures of Windows by changing just 1 bit. The problem in the Windows kernel exists in all Windows versions, including Windows 10 Technical Preview.

Microsoft has added several additional security measures to the Windows kernel over the years. These measures should make it harder for attackers to abuse possible leaks in the operating system and include Kernel DEP (ensures that most kernel data regions cannot be executed), KASLR (randomizes the kernel address space to avoid figuring out where kernel modules exist), SMEP (prevents execution control transfers from kernel mode to user mode) and Mitigation Of Common Attack Vectors (hardens commonly abused structures).

The discovered leak makes it possible for an attacker with access to a system to bypass all these Windows security measures and more. An exploit developed by the researchers changes a single bit to abuse the leak.

Microsoft was informed about the issue several months ago and patched the leak yesterday. The leak, demonstrated in this movie, allows an attacker to escalate privileges on a system, according to the description of Microsoft.

The researchers state they’ve demonstrated that even a small bug can provide full control over Windows, “nevertheless, we think that Microsoft efforts to make its operating system more secure raised the bar significantly and made writing reliable exploits far harder than before.”

Unfortunately these measures won’t fully protect against attackers. Also cybercriminals will eventually develop similar exploits, according to the researchers.

 


 

Source : myce.com

 

Now I'm really scared ...

How about you guys ?

Posted

the term 'leak' is used in a really wrong way :))

 

 

Also, stuff like this is discovered all the time. Nothing really shocking.. The attacker needs access to the machine in order for the exploit to work, so it's not that bad.

Windows recently patched another vulnerability regarding group policies: https://technet.microsoft.com/en-us/library/security/ms15-011.aspx

That patch took Microsoft 13 months to make (and test) because it was a flaw in the design of a protocol, not an implementation problem.

love is a verb
Love is a doing word
