Triggering a buffer overflow in Windows Vista is not easy. Nevertheless, two hackers have demonstrated several ways of doing it. Microsoft recently applied new techniques to Vista's memory management to make it more secure; the goal is to stop the standard buffer overflow attack. In a buffer overflow, an application writes more data than fits into the memory range set aside for it, so that an adjacent address range reserved for other code is overwritten. An attacker can then place malicious code in that neighbouring range and have it executed. At the Black Hat security conference, two security experts demonstrated how this new technology can be penetrated.
Two important protection mechanisms, DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), can be bypassed quite easily. The precondition is that the system has vulnerable software installed (software with a security bug or hole). Since XP SP2, DEP lets Windows treat all address ranges that contain executable instructions as write-protected areas.
In theory, buffer overflows should then no longer occur. Unfortunately, some popular programs, such as IE7 and Firefox 2, do not use this technique, so for those two programs Windows turns DEP off. Firefox 3 and IE8 are more secure because both browsers support DEP. However, Java renders DEP protection ineffective, because Java's memory management always enables write permission. A buffer overflow in a Java applet therefore cannot be prevented by DEP.
Protection in vain: the software does not use the techniques. Vista's ASLR seems a brilliant idea. When a program is loaded into RAM, Windows Vista picks a randomly distributed address for the instructions to be executed. The attacker therefore does not know where to cause the buffer overflow so that this address range can be overwritten with values of his own. However, ASLR only works when a DLL provides the appropriate flag, and at present only Windows' own DLLs do so.
Third-party applications do not use this feature consistently. Another method of penetrating ASLR is spraying: by duplicating and spreading the destructive code across a large number of places in memory, an attacker can hit the range that Windows ASLR has chosen. Microsoft has so far declined to comment on this security hole. A bugfix is not necessarily the solution; often the problem lies not in the operating system itself but in the interaction between Windows and third-party software. Info: www.microsoft.com