Microsoft Defends Win 7 Security After Pwn2Own

Last week we reported that during Pwn2Own, two hackers were able to sidestep Windows 7's data execution prevention (DEP) and address space layout randomization (ASLR), and hack into Internet Explorer 8 and Firefox 3.6. One of the hackers, Peter Vreugdenhil, a freelance vulnerability researcher from the Netherlands, said that he used "fuzzing" to uncover two vulnerabilities in a fully-patched version of 64-bit Windows 7.

"I started with a bypass for ASLR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP (data execution prevention) bypass," Vreugdenhil said last week.

Days later, Pete LePage, a product manager in Microsoft's Internet Explorer developer division, went to bat for IE's Protected Mode, DEP and ASLR in a blog post, saying that defense-in-depth techniques aren't designed to prevent every attack forever. Instead, they're in place to make it that much more difficult to find and exploit a vulnerability.

"One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire," LePage wrote. "Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last."

Apparently the "safe" isn't all that thick. Vreugdenhil said last week that the Windows 7 defenses weren't hard to overcome, taking at least six or seven days to "get everything to work." While he didn't specify the exploits he used to bypass DEP and ASLR, Vreugdenhil released a white paper explaining how he sidestepped Windows 7's security. The PDF file can be downloaded here.

Vreugdenhil will disclose the exploits once they have been addressed by Microsoft.

  • flyinfinni
    Interesting. Security really is a continual work in progress as hackers will continue to find new exploits and they will continually be in the process of being fixed. Nothing is perfect and more and new ways to attack will continue to be developed.
  • thedipper
    My defense for Microsoft is:

    It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day.
  • doc70
    Wasn't that hard? At least 6-7 days to overcome?
    Doesn't sound too easy to me.
    A little confusing there, Kevin.
  • bigrigross
    That's why I use Chrome. The sandbox environment in Chrome makes it next to impossible to crack. But of course, someone will develop a hack for it. It's inevitable.
  • yawn ... hehe.. secure.. not.
  • jhansonxi
    When you hear that Windows 7 is the most secure OS ever, they don't mention that this is only when compared to the previous Windows version, not any other OS. I've heard this line from Microsoft with every release since Windows 95 (before that they didn't care about security at all and I've used Windows since version 2.0). Just slap some firewalls and anti-malware apps on it and everything will be wonderful, just like the advertisements claim.

    ASLR is like building a maze around your house. It may delay entry for a bit but if you built a proper security fence you wouldn't need it in the first place.
  • jhansonxi
    thedipper wrote: "My defense for Microsoft is: It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day."

    They can but usually don't. You can't just deploy patches without testing. They've had patches break apps in the past.
  • trandoanhung1991
    jhansonxi wrote: "When you hear that Windows 7 is the most secure OS ever, they don't mention that this is only when compared to the previous Windows version, not any other OS. I've heard this line from Microsoft with every release since Windows 95 (before that they didn't care about security at all and I've used Windows since version 2.0). Just slap some firewalls and anti-malware apps on it and everything will be wonderful, just like the advertisements claim. ASLR is like building a maze around your house. It may delay entry for a bit but if you built a proper security fence you wouldn't need it in the first place."

    All of you who talk crap about Microsoft and how their OS security sucks, do you know how hard it is to write software? When you have to write 100,000s of lines of code (I doubt it's that little to be honest), do you think every line would be perfect?

    Every kind of defense/security can be broken given time and effort. Nothing is unbreakable. It's just that either technology hasn't caught up yet OR the return is not worth the reward.
  • masterjaw
    ^ Unfortunately, I agree with you. But the important thing is that those loopholes should be fixed immediately as soon as they are discovered to minimize the damage. Hacking events would help improve security of the software involved.
  • raithedavion
    Actually, Windows 7 is the most secure OS ever created. It has been compared to both Linux and Mac OS X Snow Leopard.