August 05, 2006 | Comments: (0)
Vista Security Bug Found at Blackhat...Not!!
Several "news" sources are reporting that a new bug in Vista security was released at Blackhat one day later in response to Microsoft's challenge to hack Vista. Those are not the facts.
This is a well-known bug ("the Blue Pill") that many of us have known about for quite some time. The researcher who found it has even been writing and presenting on it for many months.
http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html
It's been in the media for quite some time, and even my InfoWorld editor asked me to write a piece on it a few months ago (I declined because I wanted to get a better understanding of it after her Blackhat presentation).
The researcher has had conversations with Microsoft for many months and she announced she would publicly reveal it at Blackhat many months ago. Microsoft, I, and many, many mailing groups have been discussing Blue Pill for months. Microsoft even likes her and considers her to be one of the good guys (er...girls).
Like other malware of its ilk, it requires you to run an executable in pure Administrative mode, which doesn't happen by default in Vista. So, any exploit that starts with the words "you run an untrusted, unsigned executable as Administrator to get it to work"...what exploit wouldn't work at that point?
What is interesting about this exploit is that she is able to inject malware that becomes undetectable using current detection methods. That's the takeaway.
This was not a one day bug found in response to Microsoft's Vista challenge at Blackhat.
Posted by Roger Grimes on August 5, 2006 12:28 PM