Jun 10, 2010

Researchers claim “fundamental flaw” in Windows 7

Two security researchers have claimed there is a major security flaw in the way Windows 7 interacts with the hardware of its host machine. They argue it could be extremely difficult to fix the issue.
The problem involves Direct Memory Access. That’s a computer feature by which part of the chipset on the motherboard is able to directly access the computer’s memory. The main advantage of doing so is that data can be transferred from one device to another without needing to be routed through the CPU and soaking up processing power.
Christophe Devine and Damien Aumaitre from Sogeti/ESEC have said that the way the 64-bit edition of Windows 7 uses DMA could be manipulated to allow a hacker to access the computer’s memory and thus run malicious software.

They’ll be keeping the precise details of how the problem works secret until a presentation at the Hack in the Box security event in Amsterdam next month. That delay is also designed to allow Microsoft time to examine the issue.
There are some clues in the pair’s announcement that they’ll be demonstrating a PCMCIA card-based attack at the event. The card is better known as a PC card, a device used for external storage on laptops. That implies a hacker would need physical access to a machine, though of course that’s much more likely to occur with a laptop. It will be revealing to see how long the demonstration attack takes and thus how practical it would be to carry out on an unattended machine.
There doesn’t appear to be any evidence of the hacking community knowing the details of the issue or attempts to exploit it. However, anyone who is particularly concerned and doesn’t mind the potential performance loss could follow these Microsoft instructions for turning off DMA. They require access in administrator mode.

"1. Open Control Panel and then open Device Manager. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
2. Double-click or expand IDE ATA/ATAPI controllers.
3. Under IDE ATA/ATAPI controllers, for each item that has the word Channel as part of its label, right-click the item, and then click Properties.
4. Click the Advanced Settings tab. Under Device Properties, select or clear the Enable DMA check box and then click OK."
