Latest EMET Bypass Targets WoW64 Windows Subsystem (threatpost.com)

Posted by samzenpus on Wednesday November 4, 2015 @03:00PM from the protect-ya-neck dept.

msm1267 writes: Backwards compatibility, a necessary evil for Microsoft and its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in this case, researchers slid past Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks. The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. The researchers said 80 percent of browsers in their sample size were 32-bit processes executing on a 64-bit host running WOW64, meaning they're all vulnerable to this attack.

2 of 125 comments (clear)

Min score:

Reason:

Sort:

Linux solved this by Anonymous Coward · 2015-11-04 15:04 · Score: 2, Funny

by constantly breaking the ABI.
WoW64? by U2xhc2hkb3QgU3Vja3M · 2015-11-04 16:22 · Score: 2, Funny

I think World of Warcraft has been a 64-bit application for quite some time now.
Fight for your bitcoins!