Remote Windows Kernel Exploitation - Step Into the Ring 0

http://www.eeye.com/html/resources/whitepapers/research/index.html

Over 5 years ago my friend and colleague Barnaby Jack wrote a seminal paper that brought a new level of awareness and understanding to Windows-based buffer overflow exploitation. What was once a topic considered to be something to be spoken of in dark corners is now a critical area of research by software firms wishing to write secure applications.

Times have changed, though, and so has the vulnerability landscape. The demand for host-based security solutions and improved application performance has caused many new software solutions to move more and more of their application code into the kernel. After reviewing various products it is apparent that the same security-minded principles being applied to writing secure userland code are not being enforced or thought out for kernel-based code.

There has been a large increase in vulnerabilities discovered over the last year that affect kernel drivers. There has not, however, been an increase in awareness around the exploitability and the criticality of these vulnerabilities.

Just as it was five years ago, Mr. Jack has written a paper that embarks on a journey into demystifying remote Windows kernel exploitation and settling the debate once and for all.

We hope that writers of kernel code take note and think about how these types of attacks can affect their products. Does the same sort of peer review and source code analysis take place for your kernel code? And as researchers, are we pushing ourselves hard enough to advance the science of security? Security can be an arms race and we need to be creating this technical awareness, instead of the next worm doing it for us.
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security