Posts Tagged ‘Intel SMEP’

Intel SMEPAccording to the research center of “Positive Research”, found a vulnerability in the RTM-version of Microsoft Windows 8. In the security analysis of the new OS has been found the ability to bypass security technologies Intel SMEP.

This class of vulnerabilities is considered the most dangerous, because the successful operation of the kernel-mode attacker gains complete control of the target system, without limitation security OS.

As it turned out, the incorrect configuration of x86 versions of Windows 8 attacker can bypass security restrictions Intel SMEP, using the weaknesses of protection in 32-bit versions of Windows 8 and information about the address space of the operating system. Implementing support for SMEP in x64-version of Windows 8 is more secure, but it is now too fragile. The experts of the Research Center “Positive Research” demonstrated bypass protection in the OS environment using an approach known as “back-Oriented Programming” (return-oriented programming, ROP). (more…)

Intel SMEPWith the new generation of Intel architecture-based Ivy Bridge was presented a new hardware-based security. It’s called Intel SMEP.  

It adds a headache when exploiting vulnerabilities kernel mode, Like bit NX, prevents code execution on the memory page.

In turn, Microsoft has implemented support for SMEP in Windows 8, thereby making the OS more secure. However, the first implementation of the “head-on” support SMEP turned with a small defect, through which the attacker is still possible for a relatively painless operation vulnerabilities.

What is SMEP?

SMEP stands for “Supervisor Mode Execution Protection” – preventing the execution of code in the supervisor mode. Supervisor mode – is the preferred mode of operation of the processor, which executes the kernel of Windows 8. In terms of operating systems, this is called as kernel mode. Opposite to it is the user mode – In this mode execute user applications. (more…)