Ziff Davis Internet
News & Resources for the IT Reseller
NewsReviewsTech AnalysisCommentarySecurityLinux/Unix
My Account |  
Home > News > 

Attackers Could Bypass XP SP2 Security Mechanisms
By Ryan Naraine
January 31, 2005


Microsoft Corp. on Monday confirmed it was investigating a claim by a Russian security researcher that two key security technologies built into Windows XP Service Pack 2 could be easily defeated.

ADVERTISEMENT

The weaknesses were highlighted in a research paper published by Alexander Anisimov of Positive Technologies and centers around XP SP2’s heap protection and DEP (data execution prevention) security mechanisms.

According to Anisimov, malicious hackers could bypass the two security mechanisms to execute arbitrary code on Windows systems running XP SP2. A successful attack could also allow arbitrary memory region write access (smaller or equal to 1016 bytes) and DEP bypass.

Microsoft is disputing the crux of the researcher’s claim, insisting it is not a security vulnerability.

“An attacker cannot use this method by itself to attempt to run malicious code on a user’s system. There is no attack that utilizes this, and customers are not at risk from the situation,” a spokesperson for the software giant told eWEEK.com.

eWEEK.com Special Report: Windows XP Service Pack 2

She said the two security technologies built into XP SP2 are meant to make it more difficult for an attacker to run malicious software on the computer as the result of a buffer overrun vulnerability.

“It’s important to note that data execution protection and heap overflow protection were never meant to be foolproof; the purpose of these features is to make it more difficult for an attacker to run malicious software on the computer as the result of a buffer overrun,” she said.

PointerIT pros are still cautious about deploying XP SP2. Click here to read more.

Officials at the Microsoft Security Research Center plan to modify the technologies to address the reported weaknesses.

The primary benefit of DEP is to help prevent code execution from data pages. In XP SP2 and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.

Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.

Execution protection, or NX (no execute), prevents code execution from data pages such as the default heap, various stacks and memory pools. Protection can be applied in both user- and kernel mode.

PointerCheck out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.

     
Email


TALKBACK
MICROSOFT RESOURCE CENTER
Free Hands-On Training Lab
Find out how key features of SBS 2003 can help you open up a new line of revenue. Register now >>


SBS 2003 Sales Reference Card
This handy reference card contains features at a glance, sales objection handling, pricing guidelines & more. Get it now >>


Microsoft Empower for ISVs rewards your big idea with big benefits and support.
Access key development tools at a low cost to help you develop that idea into an innovative application. Learn more >>




 
FREE WHITE PAPER
Changing Business for the Better: A Practical Guide to BPM


This paper provides an overview of the benefits of BPM technologies and identifies the characteristics of BPM solutions that lead to successful BPM process-centric integration projects.


Download this free white paper to learn more!

>> brought to you by IBM

Attention Microsoft Solution Providers!



Want to gain a competitive edge? Try Microsoft Watch – FREE!


Each week you receive:
  • Microsoft News and Insider Information
  • Expert Analysis
  • Code Names of Upcoming MS Products
  • Year-Ahead Calendar, updated monthly



    Click Here to sign up now for your FREE 14 Day Trial to Microsoft Watch.
    •  
    Topic Center Index
    Business Licensing Information Technology
    Companies Channels Resellers
    Software Management  

  • Add up to $1,200 of value with the new BONUS PACKS.
  • HP PartnerONE: The key to increasing your margins.
  • HP Compaq nc6129 Business Notebook. $1149 Smart Buy
  • HP xw8200 workstation. Smart Buy price $1549.
  • ProLiant DL360G4p server: HP Smart Buy price $1647
  • Microsoft files new anti-piracy lawsuits. Learn more.
  • New offers with Windows Genuine Advantage.

    		•

    RELATED LINKS

    NEWS

    View All >

    OPINION

    View All >
    POPULAR TOPICS
    More Topics…
    CHANNEL INSIDER BUYER’S GUIDE
    •Catalog Publishing
    •Dealer Management
    •Order Configuration
    •Price Management
    •Sales Management

    View All >

    SOLUTION BUILDER

    View All >
    CAREER CENTER
    Search the jobs you want & get the info you need – post your resume here today!

    Powered by Dice

    TECH ANALYSIS

    View All >

    CONTRACT WATCH

    View All >
    SPECIAL REPORTS
    White Boxes
    MS vs. IBM
    Linux in the Channel
    Network
    CHANNEL RSS FEED
    Stay in the Zone
    Put The Channel Insider on your desktop.
    FREE NEWSLETTERS
    Subscribe to The Channel Insider: Channel News, Reviews, Resources and more.

    Make your selections below:

    Contract Watch

    The Channel Insider Update

    Preferred e-mail format:

    Enter your e-mail:


    view all newsletters >>

    Channel Insider      Contact Us | Advertise | Site Map

    Channel Insider Quick Links

    B2B | Compliance | Competitors | Procurement Contracts | Site Licenses | Microsoft Licenses | Certification | OEM
    Custom PC | IT Sales | Distribution Channels | Service Providers | Turnkey Integration | VAR | Microsoft Resellers
    Computer Resellers | Software Distributors | Business Management | System Integrators | Technology Partners

    Ziff Davis Footer Logo

    Ziff Davis Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters | RSS Feeds
    Tech Shop | White Papers | Tech Encyclopedia | PC Downloads | ROI Calculators | Tech Jobs
    Enterprise Product Comparison Guides | Consumer Electronics Buying Guides | Tech Podcasts | Tech Video

    1UP | Baseline | The Channel Insider | CIO Insight | Cranky Geeks | DesktopLinux | DeviceForge | DevSource
    DigitalLife | DL.TV | eSeminars | eWEEK | ExtremeTech | Filefront | GameVideos | GearLog | LinuxDevices
    Linux Watch | Microsoft Watch | PC Magazine | PCMagCasts | PDF Zone | Security IT Hub | Server IQ
    Smart Company | Technoride | Web Buyer's Guide | What's New Now | Windows for Devices

    Use of this site is governed by our Terms of Use and Privacy Policy
    Copyright © 2003-2006: Ziff Davis Publishing Holdings Inc. All rights reserved. The Channel Insider is a trademark of Ziff Davis Publishing Holdings Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.