Throughout the history of Windows, hackers have been able to reliably exploit memory flaws. With Microsoft's next operating system, that situation is set to change.
With its latest beta version of Windows Vista, the software giant has incorporated a technology that shifts the start address of frequently used code libraries after every system restart. Called Address Space Layout Randomization (ASLR), the technology makes exploitation of most memory flaws much less reliable. In a blog posting last weekend, Stephen Toulouse, security program manager for Microsoft's Security Response Center, said the function has been turned on by default as of Windows Vista Beta 2.
"Take any two Windows machines and you'll find that certain function entry points can be more easily used during remote exploitation of vulnerabilities because they are in predictable locations for each machine you are attacking," Toulouse wrote. "Address Space Layout Randomization (ASLR) changes that by randomizing their location in memory. So an automated attack can no longer take for granted that the memory layout for any given Windows Vista machine is the same."
The latest piece of the security puzzle from Microsoft adds to other features--such as the GS flag, data execution protection, and function-pointer obfuscation--to make the system much harder to exploit than previous versions of Windows.
Microsoft has focused significant resources on enhancing the security of its flagship operating system. Originally slated to roll out this summer, the consumer version of Windows Vista has been delayed until at least January 2007 due to quality and security concerns, the software giant said in March. The company patched a flaw in the beta version of the operating system in January.
Posted by: Robert Lemos