Neowin is reporting that Mark Dowd (IBM ISS) and Alexander Sotirov (VMware) demonstrated a way to bypass all of Windows Vista’s memory protection safeguards using a web browser. The kicker? It isn’t a vulnerability, per se, but rather exploiting how the entire system is set up. Neowin continues:
According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”
After news that the DNS flaw is much worse than initially thought, it appears the annual Black Hat conference is having a very productive session.
Articles RSS