Mitigation Techniques

In the interest of not presenting a problem without a solution, the authors have devised a few different approaches that might be taken by Microsoft to solve this issue. Prior to identifying the solution, it is important to summarize the root of the problem. In this case, the authors feel that the problem at hand is rooted around a design flaw with the way the unhandled exception filter ``chain'' is maintained. In particular, the ``chain'' management is an implicit thing which hinges on the symmetric registering and deregistering of unhandled exception filters. In order to solve this design problem, some mechanism must be put in place that will eliminate the symmetrical requirement. Alternatively, the symmetrical requirement could be retained so long as something ensured that operations never occurred out of order. The authors feel that this latter approach is more complicated and potentially not feasible. The following sections will describe a few different approaches that might be used or considered to solve this issue.

Aside from architecting a more robust implementation, this attack vector may also be mitigated through conventional exploitation counter-measures, such as NX and ASLR.

• Behavioral Change to SetUnhandledExceptionFilter
• Prevent Setting of non-image UEF
• Prevent Execution of non-image UEF