The new Windows contains a safe unlinking feature, making attacker exploits far more difficult than before.
You’ve got to keep building better mousetraps, and that what Microsoft appears to have included in its new Windows 7. The OS includes a feature called safe unlinking that makes it a great deal harder for attackers to exploit bugs within the operating system.
It’s in the part of the kernel responsible for allocating and de-allocating memory, and works by checking before the removal of an entry to ensure it’s not an OS exploit called a pool overrun.
Peter Beck, a member of Microsoft's Security Science team, wrote:
"This simple check blocks the most common exploit technique for pool overruns. It doesn't mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker."
The company decided to act because “the proportion of security bulletins affecting the Windows kernel has been increasing, from under 5% in 2007 to just over 10% in 2008.”
A similar feature was added to Service Pack 2 for XP, and added to Vista. One concern was whether it would affect speed, but Beck pointed out that “in practice this check adds no more than 8 instructions to the binary in each place it occurs; this is not enough to make a noticeable difference.”
0 comments:
Post a Comment