Crash! Boom! Bang! Exploit! -- Redmondmag.com

Crash! Boom! Bang! Exploit!

The Windows Debugger plug-in explains all. Plus: IE 8 and Safari get taken down a notch; Conficker might be an April Fool's joke; Paladin rolls to the rescue.

By Jabulani Leffall
03/24/2009

To help developers identify mechanisms that lead to system crashes or have other security implications, Microsoft is rolling out the !exploitable (pronounced "bang exploitable") Crash Analyzer. The open source tool will be available as a free download at the Microsoft Security Engineering Center's Web site. The !exploitable utility is designed to help developers classify, assess and ultimately prevent program crashes, especially as they relate to exploits running loose in enterprise processing environments. It runs as a plug-in for the Windows debugger that classifies different crash scenarios, grouping them into what it calls "hashes." Based on information discovered on "major" and "minor" hashes, the tool isolates crashes and correlates them with bugs to determine the frequency of bug-related crashes or shutdowns caused by the same exploit.

IE 8, Safari Go Down a Notch
Prior to IE 8's launch last week, hackers at a security confab in Vancouver shot down Redmond's notion that the browser is the most secure one yet. The hackers found a hole in a matter of minutes, which led Microsoft's Security Response Center to admit that it's heading back to the drawing board to replicate the hole in IE 8 discovered by a hacker named Nils at the recent Pwn2Own contest in Canada.

Nils ran an exploit against IE 8 that made short work of Microsoft's data execution prevention function in IE 8 as well as its address space layout randomization technology. Both of these functions are two untested but highly touted features that come with IE8. With that trick, Nils won a Sony VAIO PC and $5,000.

Not to be outdone, as predicted hacker and security gadfly Charlie Miller broke into Apple's Safari on Mac OS X in two minutes, becoming a repeat champion -- he did the same thing last year -- and winning a MacBook and five grand, to boot.

This raises concern because if $5,000 and the thrill of sticking it to browser programs of industry giants is enough motivation, imagine what the inclinations of those with malicious intentions are.

Sick of Conficker
Security pros are bracing for next week -- yes, April 1 -- when a host of replicated botnets are expected to contact Web servers owned by the authors of the world's most pervasive malicious worm, Conficker.

It could be a non-event, like Y2K or it could be the biggest worm replication in the history of computing. It will probably fall somewhere in between, but no one seems to be taking any chances.

Symantec states the obvious when it says it's impossible to know ahead of time what stunt Conficker's controllers will pull next week. It advises IT pros that if their machines are already infected, those machines should be taken offline, with the work of deworming any workstation, server or whatever other hardware has been infected.

Meanwhile Redmond is currently collaborating with AOL, Verisign and Symantec, among others, to form a group to stop the self-replicating worm and has issued a reward of $250,000 for information leading to the wheareabouts and/or apprehension of the worm's authors.

Paladin Rolls to the Rescue
As Microsoft battles the worm on one front and a new IE exploit on another, the company's security researchers are in the lab working on defense mechanisms for future hacker attacks and outbreaks of automated bugs. Microsoft Malware Protection Center's security said it's working on an automated technology that quickens the analysis of vulnerabilities. The toolset is called Paladin, according to the software giant's Threat Research & Response Blog.

In the post, Redmond said the results of the new "technology are very positive on memory corruption vulnerabilities and allow our research team to decrease dramatically the amount of time spent analyzing those vulnerabilities."

Redmond admitted that there are vulnerabilities that Paladin is "not perfectly suited for today," but that it is nonetheless "working diligently to extend this capability towards even broader coverage and higher efficacy."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.