At this year’s Hack in the Box conference in Amsterdam we had the opportunity to speak to Steven Seeley regarding his research on heap managers. Since the topic was highly interesting, and since part of the expert’s work was based on prior analysis made by Chris Valasek, we decided to do a follow-up on the subject by talking to Valasek himself.
Valasek, who works as a security research scientist at Coverity, is highly passionate about the topic, and as soon as Windows 8 was released he started studying its heap manager to learn what improvements had been made.
According to the researcher, Microsoft has been busy addressing all the issues affecting the heap manager in Windows 7.
“After looking through the Windows 8 Heap Manager it was very apparent that MSFT was privy to all the current exploitation techniques. All of the deficiencies that were present in Windows 7 were addressed in Windows 8 (and then some!),” he told Softpedia in an email.
“They’ve also added additional protections, such as chunk randomization (attackers can no longer guarantee 100% that a piece of memory will come from their desired location), guard pages (inaccessible space inserted between heap memory, to mitigate the effects of a heap overflow), and some others,” he added.
“It is definitely the most secure Windows heap manager to date.”
However, the lucky security enthusiasts who take part in this year’s Black Hat USA security conference, where Valasek will detail his work, will learn that it’s not bulletproof.
“I’ve identified a couple of new techniques for Windows 8, but they do require more preconditions than their Windows 7 counterparts. Leveraging Windows heap meta-data is VERY limited in Windows 8,” the expert explained.
We asked him about the most important improvements made to the heap manager from Windows 7 to Windows 8.
He said, “The removal of the FreeEntryOffset, memory randomization, and guard pages seem to be the most effective steps preventing exploitation in the Windows 8 heap manager.”
The complete presentation, entitled “Windows 8 Heap Internals,” will be given on July 25 at Black Hat 2012 USA.