"Shattered" Windows

***tonybradley*** · July 12th, 2003, 01:24 PM

Last fall security researchers discovered a security flaw that used the Windows messaging system to request privileged applications to run malicious code. The original discoverer of this type of attack dubbed it "shatter."

When informed of the flaw last fall Microsoft insisted that because the attacker would need physical access to the PC it was not a flaw at all. Microsoft maintains a position that if someone has physical access to your PC you already lost- no amount of proper coding and security precautions can stop someone with physical access and time on their hands.

Eventually they patched it anyway. Now, researchers are pointing out that Microsoft only patched the instance of the flaw for one specific process, while leaving the root vulnerability and other applications open to attack. They state that this is not a single vulnerability, but a class of attack that many processes and applications are vulnerable to.

For more information you can read this News.com article.

[EDIT]had to fix spelling errors

[/EDIT]

***HTRegz*** · July 12th, 2003, 01:52 PM

Definately an interesting topic.

If anyone has the whitepaper or stumbles across it, I would be very interested in seeing it. The given link to the whitepaper is http://security.tombom.co.uk/shatter.html however the url seems to no longer exist, and google points solely to that link.

In my searches I did happen to stumble across Microsofts initial response to the paper and if anyone is interested in reading it, it is available @ http://www.microsoft.com/technet/tre...ews/htshat.asp

Thanks for the info Tony, I feel kind of out of the loop having never heard about this until now.

[Edit]
After doing some searching on PacketStorm I still haven't found the original whitepaper. However I have found an iAlert Whitepaper entitled Win32 Message Vulnerabilities Redux, published this month. I'm on my way out the door, so I haven't read it just skimmed it, but it llooks like it's a good read.
[/Edit]

***tonybradley*** · July 12th, 2003, 02:10 PM

Here is a link to the iDefense White Paper

Shatter Redux

***HTRegz*** · July 12th, 2003, 02:11 PM

Thanks Tony, I guess I forgot to include the link. Damn these early mornings on my days off....

***cdkj*** · July 12th, 2003, 04:04 PM

I hope this helps you

http://informatics.ntu.edu.au/staff/...er_attack.html <-----------This information was copied from http://security.tombom.co.uk/shatter.html. It is reproduced here just in case the original page goes missing.)

http://public.planetmirror.com/pub/s...osoft/shatter/

http://smokeping.planetmirror.com/pu...osoft/shatter/

Thread: "Shattered" Windows

Thread Tools

Display

"Shattered" Windows

Posting Permissions