At the Black Hat convention in Las Vegas

Jul 26, 2006 13:03 GMT

In the wake of Symantec's second report on Windows Vista vulnerabilities, a security researcher will give a public demonstration of hacking into the Vista kernel at the Black Hat conference in Las Vegas. Joanna Rutkowska, senior security researcher at COSEINC in Singapore, will present a proof-of-concept that inserts malware past the operating system's security. This is possible by bypassing the check that only digitally signed code loads directly into the Vista kernel.

In her demonstration, Rutkowska will disable Vista's signature check, opening the way for malware to execute in kernel mode. In this manner, sniffers, keyloggers and backdoor Trojans could find their way into Vista's core services and, from that position, allow remote control of the compromised machine.

"For the attack to succeed, one needs to find a reliable way to force interesting kernel code to be paged out, then find that code inside a page file and modify it. And finally, the kernel needs to load that code (now modified) again into physical memory and execute it," explained Rutkowska. "The proof-of-concept code I implemented solves all those challenges, allowing for very reliable exploitation." Rutkowska attributes the vulnerability to the design of Microsoft's operating system, stating that the fact that user-mode applications can access raw disk sectors is in fact a design problem.

In conclusion, the researcher stated that she is impressed with the overall performance of Windows Vista and with how the operating system balances security and functionality.