BoundHook: Microsoft downplays Windows systems exploit technique

Features of the Intel MPX designed to prevent memory errors and attacks might be abused to launch assaults on Windows systems, security researchers claim. Windows 10 uses Intel to secure applications by detecting boundary exceptions (common during a buffer overflow attack). An exploit technique by CyberArk Labs uses the …

  1. JakeMS

    Really?

    They're just going to dismiss this? While yes, on its own it would require you to have access, what about when combined with other attacks?

    So that's GhostHook and BoundHook open right? Neither patched? Okay, so if another exploit is found, say a remote one, you can get in and then use these to make yourself undetected? Nice!

    No matter how large or small or even likely a security bug is, if it's known and confirmed then it should be patched regardless. Have we learned nothing from the years of exploits being used on unpatched systems to steal data?

    1. Anonymous Coward

      Re: Really?

      It's plausible deniability, they can say that although this wasn't fixed they had to use some other problem to gain access in the first place so they can't be held liable if someone uses this after something else.

      That's probably why it's low risk to them and not worth spending money on a fix.

      Makes you wonder though what other exploits they have ignored over the years.

      Anything that can bypass anti-virus in my opinion should be at the top of the fix list.

    2. Jim Mitchell

      Re: Really?

      From the article linked to:

      "Please note, this is neither an elevation nor an exploitation technique. This technique can be used in a post-exploitation scenario in which the attacker has control over the asset."

      1. Anonymous Coward

        Re: Really?

        post-exploitation scenario.

        I have owned your asset and I don't want you to detect me so I use this exploit to hide from anti-virus leaving you to update and do whatever safe in the knowledge that I'm going nowhere leaving you in the belief that you cleared my original attack.

        That's what makes it all the more dangerous. Sure, you have to own the asset in the first place but it's the not knowing if you cleared it that's the problem and an undetectable Trojan is not something you want people to have the ability to create. This scenario is from the web but what if someone has physical access and plants something that gains elevated privileges then hides?

        Maybe it's a feature?

        1. Anonymous Coward

          Re: Really?

          Maybe it's a feature?

          All ready for the three letter agencies to use with impunity.

          1. Anonymous Coward

            Re: Really?

            You know there was a time in the not too distant past where you would have been directed to your local shop for some tinfoil.

            How times have changed.

        2. CrazyOldCatMan Silver badge

          Re: Really?

          Sure, you have to own the asset in the first place

          "Flash - the gift that keeps on giving" will ensure that you always have a ready way of doing this. Or MS Office..

  2. Anonymous Coward

    "Well, if someone is intent on running Windows, and connecting it to the Internet - then they're already screwed"

  3. steamnut

    We are just a revenue source

    Be it Microsoft, Oracle, Intel, Dell, Cisco, AOL or other large corporates (you know who you are) we are now only viewed as a monthly revenue stream. We have no right of redress if things don't work out. If they leak our personal details tough; if the 365/ service fails tough.

    It's about time we had an automatic contractual right to getting compensation when things go wrong with these companies. If our direct debits fail they cut us off real quick don't they?

    I'm tired of hearing the boilerplate responses when things go wrong. "Your call is important" or "we take your security seriously" no longer cuts it for me. They are abusing their size and treating us mere mortals as peasants. (rant over).

  4. Aodhhan

    Yes, we get it... but

    Sure, it's a post exploit technique I can write malware to exploit.

    Which means after you 'finally' detect something and shut down the pseudo hacking applications put in to make yourself feel good after it's gone... the real malware is taking advantage of this 'feature' *cough* to continue to send me information and provide permissions to the now hidden malware.

    Is anyone confident the servers at any of the recent breaches are completely free of malware?

    ...I doubt it.

  5. Anonymous Coward

    Finite resources

    Oh come on people. Any software creator, be they commercial or otherwise, has finite resources. They are going to be receiving reports of all kinds of bugs and security issues on a regular basis.

    Personally, I'd rather they prioritise fixing the ones that might cause my otherwise clean system to be compromised.

    If your only form of defence is to rely on your own system to tell you that it is indeed clean, you've failed. You detect infected or misbehaving systems by using independent monitoring of the network and other activity of the system.
