Vista Will Foil Office File-Format Attacks - InformationWeek


Vista Will Foil Office File-Format Attacks

Vista's Address Space Layout Randomization approach will stop some kinds of exploits, notably those that rely on memory manipulation, by arranging key data areas randomly in the available address space.

New security features of Vista, among them memory randomization, will make it more difficult for attackers to exploit some kinds of vulnerabilities, including those in Microsoft's Office suite, security researchers said Wednesday.

Users updating to Windows Vista will be protected from the kind of attacks that plagued Office users this summer, when a slew of unpatched Word, Excel, and PowerPoint bugs were exploited by hackers suspected of operating from China.

Thomas Dullien, chief executive and head of research at the reverse-engineering tool developer Sabre Security, kicked off the discussion in his blog, where he noted that Vista's Address Space Layout Randomization will make file-format attacks moot.

"Client-side bugs in MS Office are approaching their expiration date. Not quickly, as most customers will not switch to Vista immediately, but they are showing the first brown spots and will at some point start to smell," said Dullien, who also goes by the nom de plume "Halvar.Flake." ASLR, which has been used in the Unix world for over a decade, stymies some kinds of exploits, notably those that rely on memory manipulation, by arranging key data areas randomly in the available address space. Microsoft's debut of the technique will be in Windows Vista.

"ASLR should be more effective at blocking the kinds of attacks on Office seen this year," agrees Oliver Friedrichs, director of Symantec's security response team. "It will make exploitation of memory management vulnerabilities much more difficult. Even if a developer makes a mistake in coding memory management, it shouldn't manifest itself in an exploit."

Although Office users may be better protected against file-format exploits when running Vista, those who rely on other applications may not, warns Friedrichs. "Third-party software may still be susceptible to these kinds of attacks," he says, since developers have to explicitly compile ASLR capabilities into their products.
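As an added illustration of that opt-in (not part of the article): on Windows the linker records the choice in the DllCharacteristics field of the PE optional header, so a defender can audit any binary, including third-party add-ins, for whether it actually asked for ASLR. The code below is constructed for this page; it assumes only the documented PE header layout and builds its own minimal sample headers instead of reading a real file.

```python
import struct

# PE optional-header DllCharacteristics bits (documented Windows constants).
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opts in to ASLR (/DYNAMICBASE)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image declares DEP/NX compatibility


def pe_mitigation_flags(data: bytes) -> dict:
    """Parse the PE headers in `data` and report whether the image opts in to ASLR/NX."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    (size_of_opt,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                       # start of the optional header
    if size_of_opt < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "dll_characteristics": dll_chars,
    }


def build_sample_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed sample: DOS header, PE signature, COFF header and the first 72 bytes
    of an optional header. Real images carry 224/240-byte optional headers."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    machine = 0x8664 if pe32plus else 0x14C               # x64 / x86
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 72, 0x0102)
    magic = 0x20B if pe32plus else 0x10B
    opt = struct.pack("<H", magic) + b"\x00" * 66 + struct.pack("<HH", 2, dll_characteristics)
    return dos + b"PE\0\0" + coff + opt


def audit_file(path: str) -> dict:
    """Read an on-disk PE image (e.g. an Office add-in DLL) and report its opt-ins."""
    with open(path, "rb") as fh:
        return pe_mitigation_flags(fh.read())
```

A binary whose report shows `"aslr": False` keeps a fixed load address on Vista even though the OS supports randomization, which is exactly the third-party gap Friedrichs describes.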

Nor will ASLR and other security technologies new to Windows in Vista stop all attacks. In fact, the rise of attacks that don't rely on vulnerabilities but that depend on so-called "social engineering" tactics to trick users into opening malware or visiting malicious Web sites can be directly traced to improvements in Windows XP that are being expanded upon by Vista.

"Vista will not mean the end of malicious code," Friedrichs says. "Stack and heap protection will make an impact, but attackers will learn to work within the confines of Vista. Windows XP already introduced some of these [defensive] technologies, and one can make a correlation between the decrease in the number of widespread worms and [security] improvements in Windows XP SP2." As Vista rolls out new security technologies, cyber criminals will simply continue to shift their points of attack. "Attackers are moving up the application stack because they're being pushed out of the operating system," says Friedrichs. "They're now moving up the application stack and to the Web layer."

"And as for Vista's overall impact, I can't speak to that yet," concludes Friedrichs. "It will be more effective at blocking some kinds of current attacks, but I suspect there will be whole new areas [for attackers] to explore."

Microsoft plans to launch Windows Vista, as well as Office 2007, in the United States at a New York City event Thursday.
