Latest EMET Bypass Targets WoW64 Windows Subsystem

msm1267 writes: Backwards compatibility, a necessary evil for Microsoft and its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in this case, researchers slid past Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks. The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. The researchers said 80 percent of browsers in their sample size were 32-bit processes executing on a 64-bit host running WOW64, meaning they're all vulnerable to this attack.

Re:nobody uses 64 bit browsers?

See how simple it can be when you have source? For those who invested in the Microsoft ecosystem, I wish them the best of luck.

To suggest that Firefox for Windows is not open-source is disingenuous. You can compile Firefox yourself on Windows, too. It's not that difficult and can be done using the free version of Visual Studio.

Microsoft makes the legacy apps

I noticed Visual Studio is only 32 bit only, and defaults to making 32 bit builds. I don't think Microsoft is big on the whole 64 bit thing.

Fun fact: your 32 bit DLLs are in syswow64 and your 64 bit ones are in system32. Legacy makes such a mess when you don't plan ahead...

Re:nobody uses 64 bit browsers?

I just compile Firefox from source since this is a Gentoo system.

The ability to compile Firefox from source isn't exclusive to Gentoo, you can do it on Windows or OSX as well if you want.

For those who invested in the Microsoft ecosystem, I wish them the best of luck.

It's not that hard, just follow the guides here or here.