Microsoft Blocks Windows Vista Rootkit Exploit

Microsoft has blocked the attack vector used to slip unsigned drivers past new security policies being implemented in Windows Vista, according to Joanna Rutkowska, the stealth malware researcher who created the exploit.

Rutkowska, who demonstrated the exploit at the Black Hat conference in August, said she tested the attack against Windows Vista RC2 x64 and found that the exploit doesn't work anymore.

"The reason: Vista RC2 now blocks write-access to raw disk sectors for user mode applications, even if they are executed with elevated administrative rights," Rutkowska wrote on her Invisible Things blog.

Rutkowska, a Windows internals expert at Singapore-based IT security firm COSEINC, warned, however, that the way the exploit is being blocked could be problematic and cause application compatibility issues.

News source: eWeek via Bink
