Rutkowska On Vista Kernel Fix
Author: Dave Lewis
This past summer, while sitting cross-legged at the back of the room in Caesar’s Palace during Black Hat, I watched as Joanna Rutkowska silenced the room. She calmly and methodically explained how an attacker could circumvent Microsoft’s kernel protection to inject shellcode into pagefile.sys. A couple of Redmond disciples attempted to refute her, but she came ready for battle. She made short work of the unbelievers and returned to her presentation slides, and the humbled adversaries melted back into their seats. Rutkowska also outlined several ways for Microsoft to rectify the problems she discussed.
Windows Vista Release Candidate 2 frustrates this attack by blocking write access to raw disk sectors for user-mode applications, even when they run with elevated administrative rights. Rutkowska writes that Microsoft’s fix is fraught with difficulties because it prevents legitimate applications, such as disk editors and recovery tools, from functioning without their own signed kernel-level driver. Attackers might be able to hijack such legitimate drivers, so all Microsoft has done is create extra work for developers, displacing the problem rather than resolving it.
So rather than take the high road and actually fix the problem, once again we see Microsoft taking the easy way out: they have simply put a band-aid on it, hoping that no one would notice. In Rutkowska’s words the fix is ‘worse than useless’, and you know what? I’d believe her.
Tags: Vista Kernel, Joanna Rutkowska, Black Hat, Vista Kernel Security

[...] Some are predicting doom for the “stand-alone, signature-based anti-virus, arguing that the industry will be forced to roll out converged security clients, offering multiple capabilities including anti-spyware, personal firewall, end-point policy enforcement and intrusion prevention as the foundation.” But this is running on the assumption that companies like Microsoft can do a good job on malware protection. Sure, they have made improvements with Vista. But that is only temporary. Microsoft has a long track record with respect to security. We have already seen the work of Joanna Rutkowska. The attacks that will be launched against Vista in the coming months will be nothing like we have seen previously. Rest assured, as long as there is money to be made, they will come. [...]