Windows, security, etc.

Blog about windows, security, ethical hacking etc.

Malicious PDF document on the rise

April 7th, 2010

As all of you probably know, all software has bugs and have to be updated regulary. But, what if you could exploit a software using allowed functions just the way they are supposed to work? This is something that happened to PDF readers (Adobe, Foxit) few days ago.

Didier Stevens proved this concept. Read more on his blog:

Posted by Robert Petrunic under Ethical hacking, Security with No Comments
Tags: ,

Virtual PC vulnerability

March 17th, 2010

Today, Core Security Technologies issued Security Advisory regarding  Virtual PC Hypervisor Memory Protection Vulnerability.
Vulnerable systems are:

  • Microsoft Virtual PC 2007,
  • Microsoft Virtual PC 2007 SP1,
  • Windows Virtual PC,
  • Windows Server 2005 and
  • Windows Server 2005 R2 SP1

Microsoft Hyper-V is NOT vulnerable.

Vulnerability is explained in this document. If you don’t want to read the whole article (I advise you to read it) here are some important parts of it:

  • It’s only locally exploitable (remotely only if some other vulnerability exists that is remotely exploitable)
  • There is no CVE at the moment
  • It was discovered 7 months ago. Core Security worked with Microsoft to identify impact this may have before announcing it.
  • It’s using memory above 2GB (memory reserved for system)
  • It’s possible to bypass DEP (Data Execution Prevention), SafeSEH (Safe structured error handling) and ASLR (Address Space Layout Randomization)
  • There is a PoC (proofe of concept) code available
  • The vulnerable part of Virtual PC hypervisor is VMM (Virtual Machine Manager)
Posted by Robert Petrunic under Ethical hacking, Security, Virtualization with No Comments
Tags: , , ,

Vulnerability in TLS/SSL Could Allow Spoofing

February 10th, 2010

After a few months of initial public demonstration of SSL renegotiation vulnerability, there was no widely used exploit/attack.  Unfortunately, there is (was) only a matter of time when something like this will happen. Reading Microsoft security advisory 977377, one can speculate that this will happen soon. Since this is not only Microsoft “problem” (SSL and TLS are used in other OS-es), other companies are working to find a solution to. 
Microsoft has offered a workaround (disabling SSL/TLS  renegotiation) for IIS servers.If you are interested, please read KB  article 977377 . Be aware that after you apply this workaround some application will not work as expected (more on this in KB article).

Posted by Robert Petrunic under Ethical hacking, Security, Windows 7, Windows Server 2008 with No Comments
Tags: ,