funsec mailing list archives
Re: Microsoft not always eating their own /DYNAMICBASE dogfood
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 23 Dec 2010 21:43:04 -0500
On Thu, Dec 23, 2010 at 6:20 PM, Larry Seltzer <larry () larryseltzer com> wrote:
http://blogs.pcmag.com/securitywatch/2010/12/exploit_for_unpatched_ie_vulne.php http://blogs.pcmag.com/securitywatch/2010/12/ie_0-day_shows_microsoft_devel.php In case you hadn’t heard, there was an IE 0-day which, because a particular DLL was linked without /DYNAMICBASE, can bypass ASLR and DEP. MS says there’s no reason not to use EMET to rebase the DLL, so I ask why they didn’t make it that way to begin with. Turns out /DYNAMICBASE isn’t really required by the SDL. Shouldn’t it be required unless you have a damn good reason not to use it? Something’s wrong with this picture.
In 'Writing Secure Code for Windows Vista', Howard and LeBlanc dedicate 4 pages to ASLR. In their "Call for Action" (page 72), they state all software should use ASLR, Heap Defenses, NX, /GS, and SafeSEH. I wonder what else was not followed. Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft not always eating their own /DYNAMICBASE dogfood Larry Seltzer (Dec 23)
- Re: Microsoft not always eating their own /DYNAMICBASE dogfood Jeffrey Walton (Dec 23)