Released: Exploit code to bypass DEP security in Windows

Google security software engineer Berend-Jan Wever has published proof-of-concept code showing how to bypass Microsoft's data execution prevention technology, or DEP. First introduced in Windows XP Service Pack 2, DEP prevents malicious code from executing in memory regions not meant for code execution. This helps the operating system defend against various types of attacks, including those based on buffer overflows.

Wever worked for Microsoft as a security software engineer from 2006 to 2008. On his personal blog, he says he decided to publish the exploit to demonstrate that the combined use of ASLR and DEP is not a mitigation to "put a lot of faith in." ASLR stands for address space layout randomization, a technique in which the positions of key memory areas are randomly shuffled so that attackers cannot predict whether their exploit code will actually run.

Where ASLR is concerned, Wever wrote that on the x86 platform at least, "32-bits does not provide sufficient address space to randomize memory to the point where guessing addresses becomes impractical, considering heap spraying can allow an attacker to allocate memory across a considerable chunk of the address space and in a highly predictable location."

Heap spraying is a technique Wever popularized in 2005 to make exploits against browsers more efficient. David Sancho, a senior threat researcher at Trend Micro, noted that the demonstration "is pretty significant." According to Sancho, "This can be used to further enhance exploits, and I expect that we'll start seeing it being used within exploits fairly soon."

For more on this story:
- check out this article at Computerworld
- check out Wever's personal blog
