WMF exploit and DEP



There’s a bit of controversy over the suggestion that Hardware DEP seemed to protect against the WMF zero day exploit. Sunbeltblog has responded to the controversy. George Ou in the first link above claims that there’s a lot of bad advice out about this exploit and that hardware DEP (Data execution prevention) doesn’t work to mitigate the problem.


After reading through I’m left with a couple questions. 1)how will do virtual machine environments deal with hardware DEP? I haven’t had any first hand experience with it, but have to admit I’m wondering. 2) It sounds as though settings for DEP may need to be such that DEP is enabled for “All programs and services” instead of just essential windows programs and services.

I haven’t had a chance to test this out firsthand, although I may try out the software DEP (There are claims that SOFTWARE DEP can prevent this. (Including Microsoft’s bulletin.) The other question that comes to mind is what is making the experience from one user to another inconsistent? Is it settings? Could there be a hardware variation? Could there even be a variation in the way the exploit work? Settings and varying hardware DEP support would seem to be the most likely.

Ultimately, we shouldn’t rely on DEP as the ONLY protection against buffer overflow exploits… It sounds like it can limit the effect of such an exploit, but it shouldn’t be seen as the holy grail to protect us against programming bugs.

Related Posts

Blog Traffic Exchange Related Posts
  • Mac Wireless driver Security vulnerability revisited A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included......
  • NEW exploit for the WMF vulnerability Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it's worse. Sans is reporting on a new variation on the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was "made by the......
  • Windows 98 and the WMF exploit I've seen breathless headlines that say "Windows PCs face 'huge' virus threat; Affects every MICROSOFT OS shipped since 1990..." and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that's currently being exploited exists as far back as Windows 3.0, but as......
Blog Traffic Exchange Related Websites
  • Mexican Swine Flu Pandemic? Protecting Yourself In The Event of An Emergency May 9, 2009: UPDATE: Cases in USA now up to 2,254.  Growing too quickly to keep updating daily. For daily updates, see the new CDC Map of H1N1 in the USA for your region.  There have been 3 deaths from H1N1 in the USA. Confirmed Cases of Type A/H1N1 In......
  • Protecting Yourself Against Inflation While the debate between inflation and deflation keeps on going, I'm firmly in the camp of inflation. And so is Warren Buffett, as are many other investment advisors. So how do you protect yourself and your investments from the effects of inflation? Investment newsletter editor, Keith Fitz-Gerald, recently had a......
  • Gramophones Collectibles -> Radio, Phonograph, TV, Phone Collectibles Gramophones are a truly unique collectible and when they are in good condition, they offer not only enhanced value, but you may actually be able to use it. When you are shopping for a gramophone, there are a few things that you need......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site