Vista Will Foil Office File-Format Attacks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
11/29/2006
02:30 PM
50%
50%

Vista Will Foil Office File-Format Attacks

Vista's Address Space Layout Randomization approach will stop some kinds of exploits, notably those that rely on memory manipulation, by arranging key data areas randomly in the available address space.

New security features of Vista, among them memory randomization, will make it more difficult for attackers to exploit some kinds of vulnerabilities, including those in Microsoft's Office suite, security researchers said Wednesday.

Users updating to Windows Vista will be protected from the kind of attacks that plagued Office users this summer, when a slew of unpatched Word, Excel, and PowerPoint bugs were exploited by hackers suspected of operating from China.

Thomas Dullien, chief executive and head of research at the reverse-engineering tool developer Sabre Security, kicked off the discussion in his blog, where he noted that Vista's Address Space Layout Randomization will make file-format attacks moot.

"Client-side bugs in MS Office are approaching their expiration date. Not quickly, as most customers will not switch to Vista immediately, but they are showing the first brown spots and will at some point start to smell," said Dullien, who also goes by the nom de plume "Halvar.Flake." ASLR, which has been used in the Unix world for over a decade, stymies some kinds of exploits, notably those that rely on memory manipulation, by arranging key data areas randomly in the available address space. Microsoft's debut of the technique will be in Windows Vista.

"ASLR should be more effective at blocking the kinds of attacks on Office seen this year," agrees Oliver Friedrichs, director of Symantec's security response team. "It will make exploitation of memory management vulnerabilities much more difficult. Even if a developer makes a mistake in coding memory management, it shouldn't manifest itself in an exploit."

Although Office users may be better protected against file-format exploits when running Vista, those who rely on other applications may not, warns Friedrichs. "Third-party software may still be susceptible to these kinds of attacks," he says, since developers have to explicitly compile ASLR capabilities into their products.

Nor will ASLR and other security technologies new to Windows in Vista stop all attacks. In fact, the rise of attacks that don't rely on vulnerabilities but that depend on so-called "social engineering" tactics to trick users into opening malware or visiting malicious Web sites can be directly traced to improvements in Windows XP that are being expanded upon by Vista.

"Vista will not mean the end of malicious code," Friedrichs says. "Stack and heap protection will make an impact, but attackers will learn to work within the confines of Vista. Windows XP already introduced some of these [defensive] technologies, and one can make a correlation between the decrease in the number of widespread worms and [security] improvements in Windows XP SP2." As Vista rolls out new security technologies, cyber criminals will simply continue to shift their points of attack. "Attackers are moving up the application stack because they're being pushed out of the operating system," says Friedrichs. "They're now moving up the application stack and to the Web layer.

"And as for Vista's overall impact, I can't speak to that yet," concludes Friedrichs. "It will be more effective at blocking some kinds of current attacks, but I suspect there will be whole new areas [for attackers] to explore."

Microsoft plans to launch Windows Vista, as well as Office 2007, in the United States at a New York City event Thursday.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Commentary
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
Slideshows
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll