Exploit Mitigation Improvements in Win 8

Presented at Black Hat USA 2012, July 25, 2012, 5 p.m. (60 minutes)

Over the past decade, Microsoft has added security features to the Windows platform that help to mitigate risk by making it difficult and costly for attackers to develop reliable exploits for memory safety vulnerabilities. Some examples of these features include Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Visual C++'s code generation security (GS) protection for stack-based buffer overruns. In Windows 8, Microsoft has made a number of substantial improvements that are designed to break known exploitation techniques and in some cases prevent entire classes of vulnerabilities from being exploited. This presentation will provide a detailed technical walkthrough of the improvements that have been made along with an evaluation of their expected impact. In closing, this presentation will look beyond Windows 8 by providing a glimpse into some of the future directions in exploit mitigation research that are currently being explored by Microsoft. <!--

Presenters:

• Ken Johnson
• Matt Miller

Links:

• https://www.blackhat.com/html/bh-us-12/bh-us-12-archives.html#Miller2
• https://media.blackhat.com/bh-us-12/Briefings/M_Miller/BH_US_12_Miller_Exploit_Mitigation_Slides.pdf

Similar Presentations:

• ShmooCon XII (2016) / The Road to SYSTEM: Recycling Old Vulnerabilities for Unpatched Privilege Escalation and A New Network Attack
• Black Hat USA 2016 / Windows 10 Mitigation Improvements
• DeepSec 2014 „Do you want to know more?“ / Reliable EMET Exploitation