[ISN] Whitehats pierce giant hole in Microsoft security shield

From: InfoSec News <alerts_at_private>
Date: Mon, 18 Apr 2011 03:08:45 -0500 (CDT)

By Dan Goodin in San Francisco 
The Register
18th April 2011

In late December, Microsoft researchers responding to publicly posted 
attack code that exploited a vulnerability in the FTP service of IIS 
told users it wasn't much of a threat because the worst it probably 
could do was crash the application.

Thanks at least in part to security mitigations added to recent 
operating systems, attackers targeting the heap-overrun flaw had no way 
to control data that got overwritten in memory, IIS Security Program 
Manager Nazim Lala blogged. It was another victory for Microsoft's 
defense-in-depth approach to code development, which aims to make 
exploitation harder by adding multiple security layers.

However, it turned out that wasn't the case. White-hat hackers Chris 
Valasek and Ryan Smith of security firm Accuvant Labs soon posted 
screenshots showing they had no trouble accessing parts of memory in the 
targeted machine that the protection – known as heap exploitation 
mitigation – should have made off limits. With that hurdle cleared, they 
had shown the IIS zero-day bug was much more serious than Microsoft's 
initial analysis had let on.

“The point was proven that you could actually start to execute code, as 
opposed to them saying: 'Don't worry about it. It can only crash your 
server',” Valasek, who is a senior research scientist for Accuvant, told 
The Register.

Received on Mon Apr 18 2011 - 01:08:45 PDT