Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system.
By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine.
This is beyond bad.
“The genius of this is that it’s completely reusable,” said Dino Dai Zovi, a well-known security researcher and author. “They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”
Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista’s fundamental architecture and the ways in which Microsoft chose to protect it.
Noted security expert Bruce Schneier says “This is huge.”