White hackers have built reliable exploits against two of the core security mitigations included in the most recent releases of Windows, including Windows 7 and Windows Vista. Security researchers have put together attacks against Windows security measures and managed to circumvent the added protection delivered by Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). Both Vista and Windows 7 feature DEP and ASLR, and so far the two security mitigations have held their own against attacks, making exploits targeting Vista and Windows 7 difficult enough to discourage attackers from even trying. Vista has a proven track record of delivering more protection to end users compared to Windows XP, being impacted by far fewer vulnerabilities. Windows 7, released to the general public barely three months ago, has yet to prove itself.
According to The Register, both of the attacks that bypass DEP and ASLR use Adobe Flash as an attack vector. Security researcher Dionysus Blazakis leveraged the just-in-time compiler in Flash in order to put large portions of identical shell code in the memory of the attacked machine. The technique then allowed the white hacker to render ASLR virtually useless and estimate the position of executable images of .EXE and .DLL files. Such an action would be extremely difficult to perform under normal conditions, since ASLR is designed to randomize the position of executable images in the computer's