Redmond: IE Win 8.1 defence destroying hack ain’t worth patch, natch

HP security research bod Dustin Childs says the company couldn’t get Microsoft to patch an IE exploit, so it’s gone public.

Childs says the Address Space Layout Randomisation (ASLR) hole affects millions of 32-bit systems and should have been patched.

He says his former paymasters at Redmond did not consider the bug ‘worth it’ even though Microsoft paid $125,000 for the disclosure.

“Since Microsoft feels these issues do not impact a default configuration of IE — thus affecting a large number of customers — it is in their judgment not worth their resources and the potential regression risk,” Childs writes.

“We disagree with that opinion and are releasing the proof-of-concept information to the community in the belief that concerned users should be as fully informed as possible in order to take whatever measures they find appropriate for their own installations.

“… we’ve handled vulnerabilities and vendor responses for nearly 10 years. This is hardly the first time a vendor has decided not to fix a problem we think they should.”

The attack ultimately will become a part of hackers’ toolkits when working out ways to break into the latest Internet Explorer installs on the newest Windows platforms.

Childs says the information disclosure and the Windows 7 and 8.1 proof-of-concept exploit, released under HP’s Zero Day Initiative, are necessary to inform users.

Microsoft says it did not patch the clever bypass of its important defence mechanism because 64-bit versions of the web browser, as opposed to the affected 32-bit versions, derive the most benefit from ASLR.

It also leans on the sister defence mechanism MemoryProtection, which has led to a large drop in IE exploits.

These arguments skirt the question at hand, however, Childs says, because the exploit affects only 32-bit IE platforms and the millions of users operating them.

“Think of it (the exploit) as surgical tools for working around the effects of Memory Protection where possible. MemoryProtection only fully mitigates a subset of use-after-free (UAF) vulnerabilities. Is an ineffective ASLR mitigation worth a ‘slight decrease’ in UAF vulnerability submissions to Microsoft? It seems that for Microsoft, the answer is yes. UAF vulnerabilities still exist in IE and the ease at which ASLR can be broken only makes IE a more attractive target for attackers.”

Childs was formerly Senior Technical Evangelist for Cybersecurity at Microsoft. His video demonstrating the exploit is below.

Source: http://www.theregister.co.uk/
