Uninformed: Informative Information for the Uninformed

Vol 5» 2006.Sep

The status of vulnerability research

Researchers employ a myriad of investigative techniques in the quest for vulnerabilities. In any case, there exists no silver bullet for the discovery of security related software bugs, not to mention the fact that several new security oriented kernel-mode components have recently been integrated into Microsoft operating systems that can make vulnerability investigations more difficult. Vista, particularly on the 64-bit edition, is integrating several mechanisms including driver signing, Secure Bootup using a TPM hardware chip, PatchGuard, kernel-mode integrity checks, and restricted user-mode access to \Device\PhysicalMemory. The Vista kernel also has an improved Low Fragmentation Heap and Address Space Layout Randomization. In later days, bugs were revealed via dumb fuzzing techniques, whereas this year more complicated bugs are indicating that knowledge of the format would require advanced understanding of a parser. Because of this, researchers are moving towards different discovery methods such as intelligent, rather than dumb, testing of drivers and applications.