KASLR Bypass Mitigations in Windows 8.1

MrBrian · Nov 24, 2014

From KASLR Bypass Mitigations in Windows 8.1:

Although a number of undocumented interfaces and mechanisms still exist to query protected KASLR pointers, the attack surface has been greatly decreased - eliminating almost all non-privileged API calls, requiring at least Medium IL to use them (thus barring any Windows Store Apps from using them). This was great work done by the kernel security team at Microsoft, and continues to showcase the new lengths at which Windows is willing to go to maintain a heightened security posture. It’s only one of the many other exciting security changes in Windows 8.1
Click to expand...

From TSX improves timing attacks against KASLR:

KASLR can be bypassed in an OS-independed way; this post describes how the existing techniques can be improved utilizing TSX instructions.
Click to expand...

"An excellent paper" in the previous link links to the wrong document. I believe the correct link is Practical Timing Side Channel Attacks against Kernel Space ASLR.

safeguy · Nov 25, 2014

It's good to see Microsoft improving its security posture with the mitigations.

I believe KASLR on Windows will always be bypassable because it is a hybrid kernel in which most of the subsytem components run in the same address space as the kernel.

http://en.m.wikipedia.org/wiki/Hybrid_kernel
http://en.m.wikipedia.org/wiki/Kernel_(operating_system)

Log in or Sign up

KASLR Bypass Mitigations in Windows 8.1

MrBrian Registered Member

safeguy Registered Member

Log in or Sign up

KASLR Bypass Mitigations in Windows 8.1

MrBrian Registered Member

safeguy Registered Member

Useful Searches