Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Security Science   (RSS)
Tuesday, August 04, 2009 12:33 PM

Preventing the exploitation of user mode heap corruption vulnerabilities

Over the past few months we have discussed a few different defense in depth mitigations (like GS [ pt 1 , pt2 ], SEHOP , and DEP [ pt 1 , pt 2 ]) which are designed to make it harder for attackers to successfully exploit memory safety vulnerabilities
Posted by swiblog | (Comments Off)
Friday, June 05, 2009 6:14 PM

Shellcode Analysis via MSEC Debugger Extensions

In a previous post we provided some background on the !exploitable Crash Analyzer which was released earlier this year. One of the things that we didn’t mention is that !exploitable is just one of the debugger commands exported by the MSEC debugger extension
Posted by swiblog | (Comments Off)
Tuesday, May 26, 2009 10:57 AM

Safe Unlinking in the Kernel Pool

The heap in user mode has a number of different measures built in to make exploiting heap overrun vulnerabilities more challenging. Similar checks have been in debug versions of the kernel pool for some time to aid driver debugging. Windows 7 RC is the
Posted by swiblog | (Comments Off)
Wednesday, April 08, 2009 4:18 PM

The History of the !exploitable Crash Analyzer

At the CanSecWest conference earlier this month we made our first public release of the !exploitable Crash Analyzer . While an upcoming white paper and the CanSecWest slide deck go into detail on the technology involved, we thought it might be useful
Posted by swiblog | (Comments Off)
Monday, March 23, 2009 11:35 AM

Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass

Last summer at BlackHat Vegas, Alexander Sotirov and Mark Dowd outlined several clever ways to bypass the Windows Vista defense-in-depth protection combination of DEP and ASLR in attacks targeting Internet Explorer. One approach they presented allowed
Posted by swiblog | (Comments Off)
Friday, March 20, 2009 1:28 PM

Enhanced GS in Visual Studio 2010

In a previous post we noted some stack-based vulnerabilities, such as MS08-067, that GS was not designed to mitigate due to the degree of control available to an attacker. However, other vulnerabilities such as the ANI parsing vulnerability in MS07-017
Posted by swiblog | (Comments Off)
Monday, March 16, 2009 4:15 PM

GS cookie protection – effectiveness and limitations

The Microsoft C/C++ compiler supports the GS switch which aims to detect stack buffer overruns at runtime and terminate the process, thus in most cases preventing an attacker from gaining control of the vulnerable machine. This post will not go into detail
Posted by swiblog | (Comments Off)
Thursday, March 05, 2009 1:30 PM

CanSecWest Preview & New Blog URL

It’s getting busy around here with people preparing for the CanSecWest security conference ( http://cansecwest.com/ ). Many of the Microsoft Security Engineering Center (MSEC) and Microsoft Security Response Center (MSRC) members that regularly post to
Posted by swiblog | (Comments Off)
Monday, February 02, 2009 2:53 PM

Preventing the Exploitation of Structured Exception Handler (SEH) Overwrites with SEHOP

One of the responsibilities of Microsoft’s Security Engineering Center is to investigate defense in depth techniques that can be used to make it harder for attackers to successfully exploit a software vulnerability. These techniques are commonly referred
Posted by swiblog | (Comments Off)
Friday, January 30, 2009 12:44 PM

XSS Filter Improvements in IE8 RC1

On Monday IE8 RC1 was released . Here are some of the most interesting improvements and bug fixes to the XSS Filter feature: Some byte sequences enabled the filter to be bypassed, depending on system locale URLs containing certain byte sequences bypassed
Posted by swiblog | (Comments Off)
 
Page view tracker