Metasploit mailing list archives

Windows Server 2008 - Thoughts on security?qQaa


From: angelisonline at gmail.com (Mr Gabriel)
Date: Tue, 6 Nov 2007 17:50:46 +0000

I think the rest of your mail got left behind :)
------------------

-----Original Message-----
From: "Martinez, Tino" <Tino.Martinez2 at Honeywell.com>

Date: Mon, 5 Nov 2007 09:17:05
To: <framework at metasploit.com>
Subject: Re: [framework] Windows Server 2008 - Thoughts on security?qQaa

--------------------------
 Sent using BlackBerry
 
 
 ----- Original Message -----
 From: Rhys Kidd <rhyskidd at gmail.com>
 To: framework at metasploit.com <framework at metasploit.com>
 Sent: Mon Nov 05 07:48:58 2007
 Subject: [framework] Windows Server 2008 - Thoughts on security?
 
 Well with the first Release Candidate for Windows Server 2008 released, I thought the builds were getting stable and close enough to a shipping product to warrant some investigation.
 Part of my poking and prodding so far has been in the security space, seeing what changes have been made that would make reliable remote code execution more difficult.
 
 -Hardware DEP is on for all programs by default (and these days hardware supporting NX is pretty ubiquitous).
 -From MS comments, memory pages with DEP enabled are marked as inviolable (MEM_EXECUTE_OPTION_PERMANENT); once it's set the kernel shouldn't let you do a NtSetInformationProcess() again.
 -ASLR is employed for every system library and executable I've seen.
 -System components are compiled with stack canaries, and SafeSEH.
 
 The Viridian technology (Microsoft's latest incarnation of virtualisation) is also an area of relatively fresh code. Using Metasm to create hundreds of executables with random opcodes should be fairly easy to do, and Metasploit's psexec would let you start each executable on the target system fairly efficiently.
 
 I'm sure there's some on this list who've been "behind the wall" so to speak at Microsoft helping secure Windows Server 2008, but have any who've taken some time to look around the RC?
 
 Rhys
 
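Two of the build-time mitigations Rhys lists (DEP and ASLR) are recorded by the linker in the DllCharacteristics field of the PE optional header, so whether a given system binary opts in can be checked from its headers alone. The script below is an added example, not code from the thread; it reads the NX_COMPAT and DYNAMIC_BASE bits and constructs a minimal PE header as sample input (stack canaries and the SafeSEH handler table are not visible in this field, so it does not report them).

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits of the PE optional header (winnt.h).
DYNAMIC_BASE = 0x0040   # image may be relocated: ASLR opt-in
NX_COMPAT    = 0x0100   # image declares itself DEP-compatible
NO_SEH       = 0x0400   # image contains no SEH handlers at all


def pe_mitigations(data: bytes) -> dict:
    """Return the ASLR/DEP/SEH opt-in flags compiled into a PE image.

    Only the headers are read, so a truncated file that still holds the
    optional header is enough. Raises ValueError on malformed input.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # COFF file header
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                       # optional header
    if size_opt < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic %#x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(dllchar & DYNAMIC_BASE),
        "dep": bool(dllchar & NX_COMPAT),
        "no_seh": bool(dllchar & NO_SEH),
    }


def build_header(dllchar: int, pe32plus: bool = False) -> bytes:
    """Constructed sample input: a minimal PE header (no sections) carrying
    the given DllCharacteristics, used here only to exercise the parser."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

Feed pe_mitigations() the bytes of any real .exe or .dll to see which opt-ins its linker set; a binary without DYNAMIC_BASE is loaded at its preferred base even on a system where ASLR is otherwise in force.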
 
 