According to the research center Positive Research, a vulnerability has been found in the RTM version of Microsoft Windows 8. During a security analysis of the new OS, the researchers found a way to bypass the Intel SMEP security technology.
This class of vulnerabilities is considered the most dangerous because, after successful exploitation in kernel mode, the attacker gains complete control of the target system, unrestricted by the security mechanisms of the OS.
As it turned out, because of an incorrect configuration in the x86 versions of Windows 8, an attacker can bypass the Intel SMEP restrictions by combining weaknesses in the protection of the 32-bit versions of Windows 8 with information about the address space of the operating system. The SMEP support implemented in the x64 version of Windows 8 is more secure, but it is still too fragile: experts of the Positive Research center demonstrated a bypass of the protection in that OS environment using an approach known as return-oriented programming (ROP).
Positive Research experts also reported another potential vector for bypassing SMEP protection (including on the x64 version of Windows 8): third-party drivers that do not yet use the special non-executable pools for storing and transferring data.
Intel SMEP (Intel Supervisor Mode Execution Protection) was first implemented in Intel's latest architecture, Ivy Bridge, which appeared on the market in April 2012. The technology is intended to prevent malicious code execution in kernel mode. From the attacker's point of view, it was expected to complicate exploitation that requires kernel mode and to protect the system against a whole class of vulnerabilities and known exploitation methods.
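The following added example is not part of the original report or the linked paper. It is a small C program that checks whether the CPU advertises SMEP through CPUID and decodes the CR4 bit that shows whether the OS has actually enabled it, which is what a defender would verify first when assessing whether a kernel is protected by SMEP at all. The sample CR4 value is constructed; the bit positions are those documented in the Intel Software Developer's Manual.

```c
/* Added example (not from the Positive Research article or the SMEP paper it links):
 * a user-mode check of whether the CPU advertises SMEP, plus a decoder for the
 * CR4.SMEP bit that a kernel debugger or driver would read. Bit positions are
 * from the Intel SDM: CPUID.(EAX=7,ECX=0):EBX[7] = SMEP supported,
 * CR4[20] = SMEP enabled by the OS. */
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID7_EBX_SMEP_BIT 7u
#define CR4_SMEP_BIT 20u

/* Returns 1 if CPUID reports SMEP support, 0 if not,
 * -1 if we are not on x86 or CPUID leaf 7 is unavailable. */
int smep_supported(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid_max(0, NULL) < 7)
        return -1;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return -1;
    return (int)((ebx >> CPUID7_EBX_SMEP_BIT) & 1u);
#else
    return -1;
#endif
}

/* Decode a CR4 value (for example one copied from a kernel debugger) and report
 * whether SMEP is switched on. CPUID support alone means nothing unless the OS
 * actually sets this bit. */
int cr4_smep_enabled(unsigned long long cr4) {
    return (int)((cr4 >> CR4_SMEP_BIT) & 1ull);
}

/* Combine both readings into the verdict a defender cares about:
 * 0 = CPU lacks SMEP, 1 = CPU supports it but CR4.SMEP is clear, 2 = enforced. */
int smep_verdict(int supported, unsigned long long cr4) {
    if (supported != 1)
        return 0;
    return cr4_smep_enabled(cr4) ? 2 : 1;
}

int main(void) {
    int sup = smep_supported();
    printf("CPU advertises SMEP: %s\n",
           sup == 1 ? "yes" : sup == 0 ? "no" : "unknown");

    /* Constructed sample CR4 value: PAE (bit 5) and SMEP (bit 20) set. */
    unsigned long long sample_cr4 = (1ull << 5) | (1ull << CR4_SMEP_BIT);
    static const char *verdicts[] = {
        "no SMEP on this CPU", "SMEP supported but not enabled", "SMEP enforced"
    };
    printf("Sample CR4 0x%llx: %s\n", sample_cr4, verdicts[smep_verdict(sup, sample_cr4)]);
    return 0;
}
```

On a real system the CR4 value has to come from kernel context (a debugger, or a driver reading the register), since user mode cannot read CR4; the CPUID part runs unprivileged. The verdict of "supported but not enabled" is the case an administrator should treat as a misconfiguration.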
Related links:
http://www.ptsecurity.com/download/SMEP_overview_and_partial_bypass_on_Windows_8.pdf