Slashdot Mirror


Latest EMET Bypass Targets WoW64 Windows Subsystem (threatpost.com)

msm1267 writes: Backwards compatibility, a necessary evil for Microsoft and its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in this case, researchers slid past Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks. The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. The researchers said 80 percent of browsers in their sample size were 32-bit processes executing on a 64-bit host running WOW64, meaning they're all vulnerable to this attack.

3 of 125 comments

  1. That's why Windows 10 should have ONLY been 64-bit by unixisc · Score: 3, Interesting

    As it is, Windows 8 broke a lot of compatibility w/ Windows 7. There really was no reason to have a 32-bit version of either Windows 8 or 10. All win32 applications were XP applications, so all that could have simply been run on XP-Mode or Hyper-V on Windows 10 platforms.

    WoW64 should really be deleted, and only 64-bit Windows programs should be developed. VirtualPC should be brought back to Windows 10, and all win32 applications should be run only under that, and not under native win64 systems like Windows 10 or 8.

  2. Re:That's why Windows 10 should have ONLY been 64- by Mal-2 · Score: 3, Interesting

    This would kill the usefulness of Windows 10 for existing games, practically all of which are 32-bit. Without remaining a strong platform for gaming, it would be difficult (to say the least) to upsell a large portion of the existing user base. I suppose you can argue that native 32-bit versions should be discontinued, but that's a totally different argument from saying that WoW64 should be discontinued.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.

  3. Re:Wow64 has the 32 bit... by aberglas · Score: 3, Interesting

    Windows did something far weirder than focus on the ABI.

    The WoW64 folder holds the 32-bit DLLs while the System32 folder holds the 64-bit DLLs. There is then black magic that usually redirects 32-bit applications to the different Wow64 folder.

    The idea was not binary compatibility but source compatibility. Someone in the hierarchy must have dictated that C programs must be able to be recompiled in 64-bit with zero code changes. Only an MBA with zero programming background could think that this largely impossible mandate justifies permanently twisting the system with weird rules.

    Don't get me started on Program Files (X64) ...