Security Experts Discovered Vulnerability in Windows 7Although the security measures had been released for Windows 7, two security analysts succeeded to break into the security provided to computer users having Internet Explorer 8 - Microsoft's latest operating system. A German researcher (identified by the first name of Nils) and Peter Vreugdenhil of the Netherlands discovered the ways to disable Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). These two are the most vaunted Windows 7 anti-exploit features. Each contestant tried to exploit the completely patched 64-bit version of Windows 7 and succeeded in their efforts. Microsoft launched DEP in 2004 along with Windows XP Service Pack 2. It protects the computer from execution of malicious code in memory section and works as a defense against several things like buffer-overflow attacks. Around half an hour later, Nils break into the same defensive mechanisms to penetrate into Mozilla's Firefox 3.6. For the efforts put in by them, each security researcher got the notebook they attacked as an award along with $10,000 in cash and a trip to participate in the DefCon hackers conference in Las Vegas this July. Expressing his views on the issue, Jerry Bryant, Senior Security Communications Manager Lead at Microsoft, said that the company was not familiar with customer risk issues owing to this vulnerability, as reported by darkREADING on March 25, 2010. In fact, they are not the first hackers who break into Microsoft ASLR and DEP. Core Security Technologies has recently revealed that it discovers a flaw in the Microsoft Virtual PC hypervisor's memory management that could be exploited by an attacker to make use of ASLR and DEP. Microsoft has revealed that it is not a fresh flaw but the exploit takes advantage of already existing vulnerabilities. VUPEN Security earlier said that the company succeeded to penetrate into DEP on Internet Explorer 8 and executed arbitrary code. It also forwarded the exploit code to Microsoft for examination. Internet Explorer 8 running on Windows 7 was not the lone browser that fell at the conference. Mozilla Firefox, Safari and iPhone were also vulnerable to make use of zero-day vulnerabilities in all the systems. Related article: Securities Push Up A Must For Web Companies ยป SPAMfighter News - 4/3/2010 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
