Just wondering what means?

Discussion in 'other anti-malware software' started by Wordward, Oct 29, 2007.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
  2. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Actually it isn't. :D
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It is not about security flaws, it is about programming flaws that may lead to BSODs.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    From the article:

    Generally, there is no common pattern for exploiting these bugs. An invalid memory read will only produce a BSOD. However, some special cases of missing ProbeForWrite validation can certainly be exploited and may lead to a privilege escalation or even a local root exploit. For example, a missing parameter validation on an OUT PHANDLE argument may, in some cases, be exploited to bypass system's security checks or modify kernel objects. The outcoming value of a newly opened handle can be predicted and if we set this parameter to point somewhere in the kernel, for example inside the kernel structures or a carefully selected address inside kernel code, we can alter the code flow and bypass access checks.

    As I understand it, because XP does not use address space randomisation, incorrect error handling could result in a 'logic drop through'. If the writer of the malware knew where to point to, he/she could get access to the kernel even with limited user rights. Most of the exceptions would lead to BSOD/other exceptions, as Ilya points out.

    Looks quite theoretical to me, because it requires a lot of research and trial and error to make this work (no common pattern to exploit these [program] bugs). If I were a hacker, I would direct this at companies instead of ordinary PC users when putting so much effort into code like this.

    Regards Kees
     
    Last edited: Oct 30, 2007
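
The missing ProbeForWrite check on an OUT PHANDLE argument, quoted from the article in the post above, shown as an added example that is not code from the thread or the article: a user-mode C model of a hook handler that stores a new handle through a caller-supplied pointer, without and with the probe. The address layout, function names and handle value are constructed; a real driver calls `ProbeForWrite` inside a `__try` block, and it raises an exception instead of returning a status.

```c
#include <stdint.h>
#include <string.h>

/* Constructed 32-bit address-space model (assumption, not a real kernel layout). */
#define USER_BASE       0x00400000u
#define KERNEL_BASE     0x80000000u
#define USER_PROBE_ADDR 0x7FFF0000u   /* default MmUserProbeAddress on 32-bit x86 */
#define REGION          64u
#define STATUS_SUCCESS               0x00000000u
#define STATUS_ACCESS_VIOLATION      0xC0000005u
#define STATUS_DATATYPE_MISALIGNMENT 0x80000002u

static uint8_t user_mem[REGION], kernel_mem[REGION];

/* Map a simulated address to backing storage; NULL means unmapped. */
static uint8_t *translate(uint32_t a, uint32_t len) {
    if (a >= KERNEL_BASE && a - KERNEL_BASE <= REGION - len) return kernel_mem + (a - KERNEL_BASE);
    if (a >= USER_BASE && a - USER_BASE <= REGION - len) return user_mem + (a - USER_BASE);
    return NULL;
}

/* Model of the ProbeForWrite range and alignment checks (status returned, not raised). */
static uint32_t probe_for_write(uint32_t addr, uint32_t len, uint32_t align) {
    if (len == 0) return STATUS_SUCCESS;
    if (addr & (align - 1)) return STATUS_DATATYPE_MISALIGNMENT;
    uint32_t end = addr + len;                    /* wraps on overflow */
    if (end < addr || end > USER_PROBE_ADDR) return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

/* Flawed hook: trusts the caller's output pointer, so a kernel address is written. */
uint32_t hook_open_unchecked(uint32_t out_handle_ptr, uint32_t handle) {
    uint8_t *p = translate(out_handle_ptr, sizeof handle);
    if (!p) return STATUS_ACCESS_VIOLATION;       /* unmapped: the BSOD case */
    memcpy(p, &handle, sizeof handle);
    return STATUS_SUCCESS;
}

/* Hardened hook: probes the user-supplied pointer before storing the handle. */
uint32_t hook_open_checked(uint32_t out_handle_ptr, uint32_t handle) {
    uint32_t st = probe_for_write(out_handle_ptr, sizeof handle, 4);
    return st != STATUS_SUCCESS ? st : hook_open_unchecked(out_handle_ptr, handle);
}

/* First word of the simulated kernel region, for checking it stayed intact. */
uint32_t kernel_word(void) { uint32_t v; memcpy(&v, kernel_mem, sizeof v); return v; }

int main(void) {
    return hook_open_checked(KERNEL_BASE, 0x7Cu) == STATUS_ACCESS_VIOLATION ? 0 : 1;
}
```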