Malware Abuses Windows Atom Tables for Novel Code Injection Technique

Discussion in 'malware problems & news' started by Minimalist, Oct 27, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions

    https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows/
     
  4. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,548
    Location:
    Triassic
This is going to be interesting. MS cannot patch it as Atom Tables are so interwoven into the OS (all versions). A Windows rewrite may be the only option according to some researchers. If this exploit is as potent as the reports say it is, it makes all Windows versions vulnerable - now the most insecure OS out there!!! Though a stretch to say so, it is not a good message for Enterprises, Business, Education, Governments and consumers.

    If the bad guys get hold of this en masse it has the possibility of doing widespread damage. Windows users would have to go offline to avoid the exploit. Security programs and firewalls will not stop the execution of the exploit.

    It is now a wait and see game.
     
    Last edited: Oct 29, 2016
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
I've read that certain AVs and HIPS can already spot it, but I don't have any more info. According to Erik Loman, HMPA should be able to stop it because this attack uses ROP in order to inject code.
     
  7. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,548
    Location:
    Triassic
It is good news that they have narrowed it down this quickly. I do not know of any AVs that can detect a ROP chain exploit, much less prevent it. HIPS can detect ROP exploitation and prevent shellcode execution, and so can anti-exploit security products.

    @Rasheed187. HMPA would be a candidate, as well as MBAE and EMET. I see online that others are claiming they can also prevent it. Unfortunately, not too many 'average Joes' use HIPS or AE security products to protect their systems.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
Yes, I assume some advanced HIPS for the corporate market will probably spot it. Perhaps they don't block the code injection itself, but monitor certain APIs inside process memory for modification.
     