Is there a way to bypass Intel SMEP protection in Windows 8?

Posted: October 20, 2012 in IT Security News

According to the “Positive Research” research center, a vulnerability has been found in the RTM version of Microsoft Windows 8. A security analysis of the new OS revealed the ability to bypass the Intel SMEP security technology.

This class of vulnerabilities is considered the most dangerous, because after successful exploitation in kernel mode the attacker gains complete control of the target system, unrestricted by the OS security mechanisms.

As it turned out, because of incorrect configuration of the x86 versions of Windows 8, an attacker can bypass the Intel SMEP security restrictions, using weaknesses in the protection of 32-bit versions of Windows 8 and information about the operating system's address space. The implementation of SMEP support in the x64 version of Windows 8 is more secure, but for now it is too fragile. The experts of the “Positive Research” research center demonstrated a bypass of the protection in the OS environment using an approach known as return-oriented programming (ROP).

The “Positive Research” experts also reported another potential vector for bypassing SMEP protection (including on the x64 version of Windows 8): exploiting third-party drivers that do not yet use the special non-executable pools for storing and transferring data.

The Intel SMEP (Intel Supervisor Mode Execution Protection) security feature was first implemented in the latest Intel architecture, Ivy Bridge, which appeared on the market in April 2012. The technology is designed to prevent malicious code execution in kernel mode. It was assumed that, from the attacker's point of view, the feature complicates exploitation that requires kernel mode and protects the system against a class of vulnerabilities and known exploitation methods.
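The driver-side gap described above can be audited in source. As an added example (not from the original post or from Positive Research), this Python sketch flags kernel pool allocations that request executable nonpaged memory. The pool-type and function names come from the Windows Driver Kit rather than from this page, and the sample driver source is constructed.

```python
import re

# Pool types that give executable nonpaged memory on x86/x64 Windows 8.
# NonPagedPoolNx is the non-executable type and is never flagged.
EXECUTABLE_POOL_TYPES = {"NonPagedPool", "NonPagedPoolExecute"}
ALLOC_CALL = re.compile(r"\b(ExAllocatePool\w*)\s*\(\s*([A-Za-z_]\w*)")
# With POOL_NX_OPTIN defined as 1, the WDK headers remap NonPagedPool to NX
# (assumes the driver also calls ExInitializeDriverRuntime at start-up).
NX_OPTIN = re.compile(r"^\s*#\s*define\s+POOL_NX_OPTIN\s+1\b", re.M)
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def strip_comments(src):
    """Blank out C comments but keep newlines so line numbers stay valid.
    Simplification: comment markers inside string literals are not handled."""
    return COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), src)

def find_executable_pool_allocs(src):
    """Return (line, function, pool_type) for each executable-pool request."""
    code = strip_comments(src)
    opted_in = bool(NX_OPTIN.search(code))
    findings = []
    for m in ALLOC_CALL.finditer(code):
        func, pool = m.group(1), m.group(2)
        if pool == "NonPagedPool" and opted_in:
            continue  # remapped to the non-executable pool by the opt-in
        if pool in EXECUTABLE_POOL_TYPES:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, func, pool))
    return findings

# Constructed sample driver source, not taken from any real driver.
SAMPLE_DRIVER_SOURCE = r'''
#include <ntddk.h>
// buf = ExAllocatePoolWithTag(NonPagedPool, len, 'xEmS');  (commented out)
NTSTATUS CopyRequest(SIZE_T len)
{
    PVOID in  = ExAllocatePoolWithTag(NonPagedPool, len, 'nIxE');
    PVOID out = ExAllocatePoolWithTag(NonPagedPoolNx, len, 'tOxE');
    PVOID tmp = ExAllocatePool(
        NonPagedPoolExecute, len);
    PVOID pg  = ExAllocatePoolWithTag(PagedPool, len, 'gPxE');
    return STATUS_SUCCESS;
}
'''

if __name__ == "__main__":
    for line, func, pool in find_executable_pool_allocs(SAMPLE_DRIVER_SOURCE):
        print(f"line {line}: {func}({pool}, ...) -> use NonPagedPoolNx")
```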

Related links:

http://www.ptsecurity.com/download/SMEP_overview_and_partial_bypass_on_Windows_8.pdf
