Kernel Patch Protection gets broken -- again
Once again, before Vista even ships, PatchGuard has been hacked, proving again that relying on Microsoft and only Microsoft to protect users of the x64 versions of Windows Vista is just flat out not going to work.
As I have noted in this blog before, this is like putting the same lock on all doors for all the houses in the world and hoping they would hold all burglars at bay. As hackers discover how to break into and bypass the KPP, all users will automatically become unprotected and face the highest security risk conceivable. They will be forced to rely on the ability of Microsoft and only Microsoft to deliver weekly, monthly and out of-cycle patches that often lag behind hackers by a margin of days, if not weeks, to plug the holes in Vista that Microsoft left open.
At the Black Hat conference in August 2006, malware experts saw one way to break into the Vista kernel. As a result, Microsoft was forced to patch Kernel Patch Protection.
This week, as reported by eWeek and several other news organizations, KPP has been hacked again. This time security software maker Authentium reported that a new version of its Authentium ESP Enterprise Platform product can bypass Kernel Patch Protection in Vista x64.
Microsoft has furiously reacted to the news confirming it will issue a fix as part of the standard Microsoft Security Response Center process. That means that virtually all x64 users are vulnerable until Redmond releases that patch.
Let’s underline the irony here. PatchGuard is supposed to make x64 Vista invulnerable – but Microsoft has to patch it, for the second time, even before Vista officially ships?
This is not the price users should be asked to pay to stay secure.
“Good intentions lead to hell,” as the saying goes, and this is what is happening with Microsoft’s decision to “improve” the security of its operating systems by making it impossible for robust third-party security solutions to interoperate with Vista.
Mikhail Penkovsky,
Director of Sales and Marketing, Agnitum Ltd.
As I have noted in this blog before, this is like putting the same lock on all doors for all the houses in the world and hoping they would hold all burglars at bay. As hackers discover how to break into and bypass the KPP, all users will automatically become unprotected and face the highest security risk conceivable. They will be forced to rely on the ability of Microsoft and only Microsoft to deliver weekly, monthly and out of-cycle patches that often lag behind hackers by a margin of days, if not weeks, to plug the holes in Vista that Microsoft left open.
At the Black Hat conference in August 2006, malware experts saw one way to break into the Vista kernel. As a result, Microsoft was forced to patch Kernel Patch Protection.
This week, as reported by eWeek and several other news organizations, KPP has been hacked again. This time security software maker Authentium reported that a new version of its Authentium ESP Enterprise Platform product can bypass Kernel Patch Protection in Vista x64.
Microsoft has furiously reacted to the news confirming it will issue a fix as part of the standard Microsoft Security Response Center process. That means that virtually all x64 users are vulnerable until Redmond releases that patch.
Let’s underline the irony here. PatchGuard is supposed to make x64 Vista invulnerable – but Microsoft has to patch it, for the second time, even before Vista officially ships?
This is not the price users should be asked to pay to stay secure.
“Good intentions lead to hell,” as the saying goes, and this is what is happening with Microsoft’s decision to “improve” the security of its operating systems by making it impossible for robust third-party security solutions to interoperate with Vista.
Mikhail Penkovsky,
Director of Sales and Marketing, Agnitum Ltd.
posted by Agnitum BLOG at 10/27/2006 07:22:00 PM
Bookmark this post: 
0 Comments:
Post a Comment
<< Home