Smashing the Atom

Recommended Posts

Posted July 26, 2012

About Me

Security Researcher at Azimuth Security

Past presentations

Heaps of Doom (/w Chris Valasek)

Kernel Attacks Through User-Mode Callbacks

Kernel Pool Exploitation on Windows 7

Generally interested in operating system internals and bug finding

Recent focus on embedded platforms

This Talk

A rather unusual Windows bug class

Affects Windows atoms

3 vulnerabilities patched 2 days ago in MS12-041

Allows a non-privileged user to run code in the context of a privileged process

E.g. the Windows login manager (winlogon)

No need to run arbitrary code in Ring 0

DEP/ASLR? SMEP? No problem!

Download:

http://mista.nu/research/smashing_the_atom.pdf

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

Only 75 emoji are allowed.

× Your link has been automatically embedded. Display as a link instead

× Your previous content has been restored. Clear editor

× You cannot paste images directly. Upload or insert images from URL.