Exploit Mitigation Improvements In Windows 8

http://media.blackhat.com/bh-us-12/Briefings/M_Miller/BH_US_12_Miller_Exploit_Mitigation_Slides.pdf

Goes into the details of the ASLR improvements as well as GS improvements, among other things. Some of these changes are pretty significant.

 

Very good read HM, thanks for the link, some great improvements in Windows 8. Also worth nothing is the improvements in the 64bit build over the 32bit build of Windows 8, it's not just isolated to entropy.

Interesting quote:

This seems to hold true with what we've been seeing, less OS exploits and more program exploits.

I am, however, beginning to loose track of all the acronyms! :s

 

Yeah, it's one of the clearer reports I've seen.

There are definitely very few OS exploits over the last few years due to the recent changes and MS is ensuring that that continues with Windows 8. The nice thing is that these techniques can all be used by programs and the information leaks being removed will help every program, not just the OS.

Still, Vupen broke IE10 (not Enhanced Protected Mode but that's less relevant since this is about memory protection) so there's clearly still work to be done. I'm wondering what they used.

My guess is that information leaks are going to be valued much higher now and we'll be seeing many more of them.

 

Well as you know it's a cat and mouse game not a winning game, there never stops being work to be done.

 

True. Without details it's a bit of a pain to speculate.

For example if this were simply some data disclosure but I'd say Microsoft is on the "winning side" but if it's another issue like UserSharedData allowing for generic ASLR bypasses I'd say it's a more serious issue.