Report: Major Windows security update foiled
Results 1 to 5 of 5

Thread: Report: Major Windows security update foiled

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Report: Major Windows security update foiled

    A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2, a major update aimed at securing customers' PCs.

    The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.

    The company notified Microsoft of the problem Dec. 22, but it apparently decided not to wait for the software giant to patch the flaws.

    Neither Microsoft nor Positive Technologies immediately responded to requests for comment Friday.

    After several delays, Microsoft began rolling out SP2 in August of last year, at which time company Chairman Bill Gates called the update "a significant step in delivering on our goal to help customers make their PCs better isolated and more resilient in the face of increasingly sophisticated attacks."
    Source : http://news.zdnet.com/2100-1009_22-5555448.html

    Link : Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass
    -Simon \"SDK\"

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Thats not a big surpise lol. Are the amd 64bits the only cpus that support that as of now by te way? Or am I mistaken?

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Frankly I never expected DEP to be the panacea some said it was and I expected it to be flawed. Not because M$ wrote it but because you are messing with the most complex area of the computer. The question really becomes "are there enough, sufficiently skilled programmers out there that have malicious intent to find it's failings and exploit them publicly"?

    Honestly, I don't know the answer. But I do know that I have survived in this world for more than 20 years without it and can probably continue to do so if I pay attention to the threats and mitigate their vectors. I work from a fairly basic principle since I'm not smart enough to know the "nitty-gritty" of everything my users and myself use - "If you can't get the code onto my box you can't run it... Period"... It works for me....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Banned
    Join Date
    Apr 2004
    Posts
    410

    A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2, a major update aimed at securing customers' PCs.
    make way SP 3 comming thru..........

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Originally posted here by oofki
    Thats not a big surpise lol. Are the amd 64bits the only cpus that support that as of now by te way? Or am I mistaken?
    Intel 6XX series and some Xeon support it now also.
    -Simon \"SDK\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •