WMF exploit and DEP



There’s a bit of controversy over the suggestion that hardware DEP seemed to protect against the WMF zero-day exploit. Sunbeltblog has responded to the controversy. George Ou, in the first link above, claims that there’s a lot of bad advice out there about this exploit and that hardware DEP (Data Execution Prevention) doesn’t work to mitigate the problem.


After reading through, I’m left with a couple of questions. 1) How will virtual machine environments deal with hardware DEP? I haven’t had any firsthand experience with it, but have to admit I’m wondering. 2) It sounds as though DEP may need to be set to “All programs and services” instead of just essential Windows programs and services.

I haven’t had a chance to test this out firsthand, although I may try out software DEP (there are claims, including in Microsoft’s bulletin, that software DEP can prevent this). The other question that comes to mind is what is making the experience inconsistent from one user to another. Is it settings? Could there be a hardware variation? Could there even be a variation in the way the exploit works? Settings and varying hardware DEP support would seem to be the most likely.
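
One way to check the two likely suspects named above, hardware DEP support and the DEP setting, on a given machine. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and `Get-DepStatus` is a name chosen here, while the `Win32_OperatingSystem` properties it reads are standard WMI.

```powershell
# Added example: report hardware DEP availability and the system-wide DEP policy.
# Get-DepStatus is a hypothetical helper name; the WMI properties are real.
function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # DataExecutionPrevention_SupportPolicy values documented for Win32_OperatingSystem.
    # OptIn and OptOut correspond to the two radio buttons in the DEP settings dialog.
    $policies = @{
        0 = @{ Name = 'AlwaysOff'; Scope = 'DEP disabled for every process' }
        1 = @{ Name = 'AlwaysOn';  Scope = 'DEP enforced for every process, no exceptions' }
        2 = @{ Name = 'OptIn';     Scope = 'Essential Windows programs and services only' }
        3 = @{ Name = 'OptOut';    Scope = 'All programs and services except listed exclusions' }
    }

    $code   = [int]$os.DataExecutionPrevention_SupportPolicy
    $policy = $policies[$code]
    if ($null -eq $policy) {
        $policy = @{ Name = "Unknown($code)"; Scope = 'Unrecognised policy value' }
    }

    [pscustomobject]@{
        ComputerName         = $os.CSName
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        Dep32BitApplications = [bool]$os.DataExecutionPrevention_32BitApplications
        DepDrivers           = [bool]$os.DataExecutionPrevention_Drivers
        Policy               = $policy.Name
        Scope                = $policy.Scope
        # True only when ordinary applications are covered without opting in.
        CoversAllPrograms    = $code -in 1, 3
    }
}

$dep = Get-DepStatus
$dep | Format-List

if (-not $dep.HardwareDepAvailable) {
    # The processor feature is absent or not enabled, so memory pages are not
    # marked non-executable by hardware; only software-enforced DEP applies.
    Write-Warning 'Hardware DEP is not available on this machine.'
}
if (-not $dep.CoversAllPrograms) {
    # Under OptIn, applications that have not opted in run without DEP.
    Write-Warning "Policy '$($dep.Policy)' does not cover all programs and services."
}
```

Running this on two machines that behave differently shows whether they differ in hardware support, in policy, or in neither.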

Ultimately, we shouldn’t rely on DEP as the ONLY protection against buffer overflow exploits… It sounds like it can limit the effect of such an exploit, but it shouldn’t be seen as the holy grail to protect us against programming bugs.
