Windows Vista Pwned By Web Exploit That Can't Be Stopped

Illustration for article titled Windows Vista Pwned By Web Exploit That Can't Be Stopped

Presenters at Black Hat revealed that most, if not all, of Windows Vista's security features can be taken out with a single browser exploit, using Java and .NET to execute malicious code. What really makes this a killer, is that it is based around Vista's fundamental architecture, not a specific security flaw, and can be executed with any browser vulnerability. As researcher Dino Dai Zovi told SearchSecurity, "that's completely game over." Microsoft programmers are apparently aware of the exploit presentation at Black Hat, and are waiting to see the findings themselves. Presented by Mark Dowd and Alexander Sotirov, of IBM and VMware, respectively, the exploit negates key security features such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), which make it difficult to locate and execute code and data. And apparently this exploit is so broad and game changing that it could be applied to other platforms. OS X, beware? [SearchSecurity via Electronista]

DISCUSSION

acovert31
Adrian Covert

maybe you should learn to read, turkeybird.

the article is about the fact that Vista has security has already been bypassed by the two black hat presenters and it MIGHT be possible to do it on other operating systems because of the underlying theories at play.