55 Comments
- hater2win, on 10/12/2007, -2/+60Or the bees... or the hounds with bees in their mouth and when they bark they shoot bees at you!
- Goosemaster, on 10/12/2007, -0/+18I believe as part of the EPS they also release some hounds....
- davidsmero, on 10/12/2007, -1/+14Wow my IQ just dropped. Thanks.
- joe90210, on 10/12/2007, -4/+16 1) it's only a proof-of-concept
2) you need physical access to the machine
boooooooooooooooring.
- thealliedhacker, on 10/12/2007, -0/+11FYI, this is the code:
#include <windows.h> // needed for MessageBox and MB_SERVICE_NOTIFICATION
for (int i = 0; i < 10; i++) MessageBox(0, "\\??\\C:\\", "\\??\\C:\\", MB_SERVICE_NOTIFICATION); // backslashes doubled so the string literals actually compile
I guess I have to be the one to point out that there is not any actual SHELLCODE, therefore this is a buffer overflow PoC yes, but this IS NOT an escalation exploit PoC.
It is probably possible to add shellcode to this flaw, but with (Vista's) ASLR it would be difficult to inject, and NEARLY IMPOSSIBLE to make one exploit that works on any box.
So, trying to call this a "Vista Exploit" is not only cheap, it's also very ignorant considering that this could be used to exploit XP (which does NOT have ASLR), but would require much more effort to make effective in Vista.
- AngryBoy, on 10/12/2007, -0/+8It's a privilege escalation exploit. In Windows Vista there are different levels of authenticated users. Lower level, or "everyday", users do not have access to certain things that could potentially harm the operating system. Things that could harm the OS require a supervisory account access. It's a pretty common paradigm in the Unix/Linux/Mac world, and now part of Windows too.
The privilege escalation exploit allows a lower level user to do something that a supervisor account can do, without proper authentication. This is bad because it could allow some malicious software to make a change to the operating system that would make it extremely difficult to remove or do other nasty things to your operating environment.
You're not crazy. It's just a new way of thinking about security that everyone needs to get accustomed to.
- unexpected, on 10/12/2007, -3/+11"his ass is gonna blow!"
- joe90210, on 10/12/2007, -0/+6you already posted this hilariously pathetic nonsense, stop spamming.
- inactive, on 10/12/2007, -6/+11hater2win
Was that a reference to The Simpsons? I think it was but I'm not sure....
- JeffH, on 10/12/2007, -5/+10David, are you high or just incredibly stupid? It will not work on a limited account on Vista. It needs to be run strictly under an administrator account.
- hater2win, on 10/12/2007, -2/+6@Jun168
Yes it was, and I am glad that there are some people that realized that :P, especially the one below it by user named unexpected:
"His ass is gonna blow!"
Haha, that made me laugh that somebody remembered that part also. In the Simpsons, though, he says "dogs" not hounds. But hound was there so I used it...
- pabster, on 10/12/2007, -1/+5You make a great point.
One of Vista's least known and yet most powerful security features is ASLR.
It is by no means absolute protection but it is light years ahead of XP.
- soogy, on 10/12/2007, -5/+9Yes, let's all blast Microsoft for finally having a faster method of responding to security problems.
Let me note that you have to be PHYSICALLY at the machine to perform this exploit.
- joe90210, on 10/12/2007, -3/+7ya that's great, good luck trying to break into my house first.
- DigitalDud, on 10/12/2007, -0/+3The email is wrong about a few things. There hasn't been an exploit and it's not a kernel-mode vulnerability. Csrss.exe is a user-mode process; it runs as System and there's a BSOD bugcheck that goes off if the process dies, but it's not in the kernel.
- davidsmero, on 10/12/2007, -0/+3To gain full Admin access. So an attacker could use it on a limited or guest account to gain full access.
- kolais, on 10/12/2007, -0/+2Sorry, the correct link is http://www.kuban.ru/forum_new/forum2/files/19124.html
- eurokc98, on 10/12/2007, -0/+2The most interesting part of the article:
"The Microsoft confirmation comes hard on the heels of a claim by anti-virus vendor Trend Micro that underground hackers are selling zero-day exploits for Windows Vista at $50,000 a pop."
50 grand for an exploit that will eventually be patched, I guess I'm out of the loop when it comes to the financial side of these exploits.
- postitnote, on 10/12/2007, -2/+4I compiled the c# code and ran it, and it bluescreened and restarted. Then in the event viewer, it said that:
"Windows Defender Real-Time Protection agent has taken action to protect this machine from spyware or other potentially unwanted software."
and after that, the computer restarted. So I guess Vista DID protect against this ;).
- kolais, on 10/12/2007, -0/+2Another interesting thing: next day after the code was posted, some Russian guy (this time from a security-related site) sent an email directly to Microsoft - http://www.security.nnov.ru/Pdocument469.html
Speak about their "fast response" :)
- Nachoo, on 10/12/2007, -1/+3Windows Vista - 'Secure by design'
- floodyberry, on 10/12/2007, -4/+6david is right, you don't need administrator (or physical) access to abuse the exploit, just someone who is already logged in under any account who will run your program. Granted it's still not that big a deal unless you regularly run programs from questionable sites. http://research.eeye.com/html/alerts/zeroday/20061215.html has a pretty detailed description of what the exploit actually does.
As for the Russian "hackers", the translated forum thread is a riot to read - half of them can't even get the code to compile. I'm guessing the sensationalists at eWeek assumed nobody would be able to read the feared Russian hackers having trouble with string escaping.
- Goosemaster, on 10/12/2007, -3/+4hater2win...:Q
they've gone too far.
- T3CK, on 10/12/2007, -1/+2isn't Microsoft's emergency response part of FEMA ?
- pabster, on 10/12/2007, -1/+2Pray for the chairs.
- joe90210, on 10/12/2007, -10/+11david you're a ***** idiot, stop talking.
- kolais, on 10/12/2007, -0/+1Read the original forum entry (http://www.kuban.ru/cgi-bin/forum/forum2.cgi?page=1&ask=19124).
1. This a forum of a Kuban region (southern Russia) ISP, general "Software Development" section.
2. The author didn't intend any PoC (nor exploit). He stepped into a BSOD while debugging a program and just shared the code.
3. Someone later in the thread posted a suggestion that the alleged memory corruption (due to some user32.dll bug, and yes, someone tested the code in Vista) could be used for malicious activity, but that was just a forum joke.
Yet another "Russian hacker" stereotypical misinterpretation :-( (Like when everyone was saying that poor Litvinenko guy was a "spy" while he wasn't).
- benitojuarez, on 10/12/2007, -0/+1they had to include stricter drm controls otherwise Hollywood won't let them use blu-ray/hd-dvd decoders you *****.
- adolfojp, on 10/12/2007, -2/+3So... in order for this to work he needs physical access to the computer and an administrator account...
Might as well start deleting files manually.
- macewan, on 10/12/2007, -1/+1how neighborly of them to share :)
- eNthem, on 10/12/2007, -1/+1Russian programmers are much smarter than those at Microsoft, they are the best in the world. To beat the best you gotta be the best.
- JeffH, on 10/12/2007, -7/+7Uh, not really:
"Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system."
So they'd have to compromise Vista's security first and give the hacked admin access for this malicious code to be executed. Getting admin privileges remotely on XP is cake, but it hasn't been done by unauthorized users on Vista.
- whiteboy, on 10/12/2007, -3/+3Ugh, not again.
- Barlo_Mung, on 10/12/2007, -1/+1Yeah, but you need admin rights to do it.
Heck, if you already have admin rights why not just install a malicious service from the get go.
- madivad, on 10/12/2007, -0/+0to what floodyberry posted! GREAT link! as an intermediate programmer, it's great to see exactly how something like this is exploited!
- cyssero, on 04/18/2009, -2/+2It's probably a lot easier to break into someone's house than it is to hack Vista :)
- davidsmero, on 10/12/2007, -3/+2Wow.
- H0LLIS, on 10/12/2007, -6/+4I don't see what the fuss is about, they will fix it with vista service pack 2, 3rd quarter 2010.
- Mudcrutch, on 10/12/2007, -11/+7"While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date," he added.
I knew this ***** would start happening. All these promises and then.. oops, we need to send out our emergency response team to put out fires.
- zachriggle, on 10/12/2007, -7/+2The exploit is via MessageBox? WTF!
- davidsmero, on 10/12/2007, -8/+3The emergency response process consists of a midget running around ringing a bell.
- fstraat, on 10/12/2007, -8/+2hmm
something that wouldn't happen on open source...ooops
- inactive, on 10/12/2007, -7/+1"for the attack to be successful, the attacker must already have authenticated access to the target system."
Then why do you need to use a vulnerability to access it?
I feel like I'm taking crazy pills!
- H0LLIS, on 10/12/2007, -6/+0Everything new is old again.
@ soogy. Some of the microsoft teams change names on almost a weekly basis. A rose is a rose my friend.
- crazyboy1121, on 10/12/2007, -8/+1Kinda have 2 i mean...its windows...
- shrewduser, on 10/12/2007, -13/+4"
Was that a reference to The Simpsons? I think it was but I'm not sure...."
all you have to know is that google can make up for the shortcomings of your brain....
- FrugalFreak, on 10/12/2007, -12/+3my first thought is: they have to have some way to build support for their new built in security features right? the bundled security features I imagined is a downside to me, because it makes me think Microsoft takes away my right to choose my own security base. I still won't buy vista, for 5 reasons, nor will I recommend it to friends and family for whom I am the PC support tech guy for free. my 5 reasons
1. Like there wasn't enough bundled crap already I couldn't uninstall, I could, but it always created more problems.
2. DRM- I am against pirating somewhat. I buy Cd's instead of downloading, buy movies. when it goes so far that i receive spyware from bought Cd's or I can't backup my movie or game, or music without a stir from RIAA, or MPAA, and Microsoft is backing them by adding support for their campaign by what they are building.
3. Not making PC Makers like Dell, etc.. include an OS in each shipping product. A tech needs that disk to perform viable functions. like a PC with boo loads of Trojans, etc.. I know i could do a recovery from virtual drive, but i should be able to install a new drive instead of having to ship the current one to dell if the hard drive gets an unbootable error. they said I could send it with a prepaid label, but what about AFTER the warranty expires, I'll have to pay shipping every time i want a clean reformat, to and from. if i had the disk i could just do a reformat and boom, no shipping.
4. The WGA, Activation, Notify scheme makes me think of Dictatorship government. no o in my book.
5. Open source only is the future. when and if the Internet becomes controlled by Corp or by Government and it becomes so controlled, I foresee a separate, people-run Internet, people coop connection network, people created hardware, and people created software. people made Microsoft, people made the Internet, so why can't PEOPLE make competitive infrastructure. why do we have to rely on what they provide consumers? I'd pay more money for a network of freedom run by openness than any conglomerates could have even if they charged less. if we donated just 10 dollars per person monthly, but got everyone in the world to do so, it would have funds to do so. people have been fretting over net neutrality. lets take all power away by not using it at all and forcing providers to abandon projects altogether, or at least by forming what the price is. we have that power, but people are uncomfortable being uncomfortable.
- shrewduser, on 10/12/2007, -12/+2you so obviously don't know much about hacking,
to a hacker proof of concept code and privilege escalation is his bread and butter....
- inactive, on 10/12/2007, -15/+2I'm glad I switched to Ubuntu