Microsoft is working on mitigating an entire Windows bug class

April 2, 2020

Microsoft is working on developing comprehensive mitigation for a class of Windows bugs that have plagued the operating system for more than two decades.

Israeli security researcher Gil Dabah told ZDNet that a fix is currently in the works.

Earlier today, Dabah published proof-of-concept code and a report detailing 25 bugs, all exploiting variations on the same type of vulnerability.

Bug class impacts the old Win32k component

Dabah’s work expands on an attack surface in the Windows operating system that’s been known since the mid-90s. The vulnerability class impacts Win32k, a Windows component that manages the user interface on Windows 32-bit architectures, and the interactions between UI elements, drivers, and the Windows OS/kernel.

Today, the Win32k component still ships with Windows, even on 64-bit versions, where it acts as a legacy layer, allowing older apps to run on modern systems.

But the problem comes from how this component evolved. In earlier versions of Windows, this component ran in the user-mode section of the Windows OS.

When Microsoft finally realized that this is a crucial component and that it should run in the more secure kernel mode, it was already too late, as the component had grown in size and complexity, and a complete re-write would have broken backward compatibility for thousands of 32-bit apps.

Today, the Win32k component is quite a mess. Some operations happen entirely in the kernel space, while other sections rely on older parts of the codebase.

These older Win32k functions are all prefixed with “xxx”. When they’re called, execution passes from the secure kernel mode to user mode, and the result is returned to kernel space.

[Image: windows-bug-class.png. Credit: Gil Dabah]

Attackers and security researchers were quick to spot the weakness in this non-standard execution model. Both realized that they could tamper with Win32k’s xxx-prefixed code while it was in user mode memory, and insert malicious code that is later executed inside the kernel, with elevated privileges.
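
A simplified user-space model of the callback hazard described above, added here as an illustration (not code from Windows, Dabah's report or ZDNet): a kernel-side routine hands control to a user-mode callback and must not trust state it cached beforehand. The `Window` struct, the `xxx_set_title_*` functions and the destroy-during-callback scenario are assumptions made for the sketch; the hardened variant pins the object and re-validates it once the callback returns.

```c
#include <stdio.h>

/* Toy model (constructed): one "window" object owned by the kernel side. */
typedef struct { int refs; int destroyed; int freed; int title_len; } Window;
typedef void (*user_callback)(Window *);

static void release(Window *w) {           /* drop a reference; free at zero */
    if (--w->refs == 0) w->freed = 1;      /* flag stands in for free() */
}
static void destroy_window(Window *w) {    /* what user mode may request */
    if (!w->destroyed) { w->destroyed = 1; release(w); }
}

/* Unsafe pattern: pointer cached before the callback is trusted after it. */
static int xxx_set_title_unsafe(Window *w, user_callback cb) {
    cb(w);                                 /* control leaves the "kernel" */
    w->title_len = 5;                      /* on a real heap: use-after-free */
    return w->freed ? -1 : 0;              /* -1: wrote to a freed object */
}

/* Hardened pattern: pin the object across the callback, then re-validate. */
static int xxx_set_title_safe(Window *w, user_callback cb) {
    int rc = 0;
    w->refs++;                             /* pin: destroy cannot free it */
    cb(w);
    if (w->destroyed) rc = 1;              /* 1: state changed, bail out */
    else w->title_len = 5;
    release(w);                            /* unpin; the free happens here */
    return rc;
}

static void hostile_cb(Window *w) { destroy_window(w); }
static void benign_cb(Window *w) { (void)w; }

/* Runs one scenario on a fresh object and returns the routine's status. */
static int run(int safe, int hostile) {
    Window w = { 1, 0, 0, 0 };
    user_callback cb = hostile ? hostile_cb : benign_cb;
    return safe ? xxx_set_title_safe(&w, cb) : xxx_set_title_unsafe(&w, cb);
}

int main(void) {
    printf("unsafe+hostile=%d safe+hostile=%d safe+benign=%d\n",
           run(0, 1), run(1, 1), run(1, 0));
    return 0;
}
```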

For more than a decade, security researchers have detailed numerous methods and techniques for inserting malicious code inside the Win32k component and getting admin rights. Research on the topic goes as far back as 2008 and 2011.

A one-year-long challenge

In an interview today, Dabah told ZDNet that exactly one year ago, to the day, he set out to find a new way to exploit these types of bugs, challenging himself to uncover more than 15 different issues in the Win32k component.

Today, the researcher delivered on that challenge by publishing a 34-page report detailing multiple never-before-seen methods for getting an elevation of privilege via the Win32k component.

In total, the researcher found 25 different bugs, some of which worked even on the latest versions of Windows 10 — at the time of testing being Windows Insider Preview, September 2019.

Of the 25 bugs, Dabah said that “11 were exploited to prove feasibility for elevation-of-privilege (EOP).” These 11 got fixes from Microsoft, which has been slowly releasing patches since November 2019, with the most recent fixes arriving in February this year.

A tough patch process

But while many security researchers are usually unhappy with the way Microsoft patches security issues, Dabah said that the OS maker has done an excellent job, especially when taking into account the extremely old codebase.

“People normally think it’s easy to go and touch a 30-years-old software, but it’s like the biggest challenge nobody imagined,” Dabah told ZDNet. “Talking from somewhat my own experience in this domain as well.”

Dabah says that Microsoft is currently “developing a wide mitigation to solve this bug class once and for all.” This mitigation is currently in the WIP (Windows Insider Preview) version, Dabah said.

Once this mitigation goes live, Dabah hopes they’ll plug all other bugs in the same vulnerability class, even those that have not been discovered or documented yet.

Dabah’s report, which received praise from most of the information security community, is available for download in PDF format. Proof-of-concept code for 13 of the 25 bugs is available on GitHub.

Phenomenal work. After 15 years of Windows Internals courses, the one part where people still look at me in disbelief and “he must be exaggerating” is when we go over the locking scheme in win32k and user mode callbacks. Even after @j00ru @gynvael and @kernelpool. And now @_arkon https://t.co/EtK6OEu9UQ

— Alex Ionescu (@aionescu) April 1, 2020


Credit: ZDNet
