Slashdot Mirror


Latest EMET Bypass Targets WoW64 Windows Subsystem (threatpost.com)

msm1267 writes: Backwards compatibility, a necessary evil for Microsoft and its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in this case, researchers slid past Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks. The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. The researchers said 80 percent of browsers in their sample size were 32-bit processes executing on a 64-bit host running WoW64, meaning they're all vulnerable to this attack.

5 of 125 comments

  1. That's why Windows 10 should have ONLY been 64-bit by unixisc · Score: 3, Interesting

    As it is, Windows 8 broke a lot of compatibility w/ Windows 7. There really was no reason to have a 32-bit version of either Windows 8 or 10. All win32 applications were XP applications, so all that could have simply been run on XP-Mode or Hyper-V on Windows 10 platforms.

    WoW64 should really be deleted, and only 64-bit Windows programs should be developed. VirtualPC should be brought back to Windows 10, and all win32 applications should be run only under that, and not under native win64 systems like Windows 10 or 8.

  2. Re:That's why Windows 10 should have ONLY been 64- by Mal-2 · Score: 3, Interesting

    This would kill the usefulness of Windows 10 for existing games, practically all of which are 32-bit. Without remaining a strong platform for gaming, it would be difficult (to say the least) to upsell a large portion of the existing user base. I suppose you can argue that native 32-bit versions should be discontinued, but that's a totally different argument from saying that WoW64 should be discontinued.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.

  3. How about NO by Sycraft-fu · Score: 4, Insightful

    If you want a platform that breaks older shit, well then go ahead and find one. However, many of us would like our software to keep working. WoW64 has been a great success because 32-bit apps run seamlessly and very fast. So you can just use whatever software you want. This has made widespread 64-bit adoption possible. If suddenly 80+% of your programs stop working because there's no compatibility layer, people just won't want to use it. Many, many programs these days are still 32-bit. You may not like that or agree with the choice, but it is what it is. I want to be able to run my software, I don't care about ideological purity.

    Also, you might want to do your research a bit better, VirtualPC -IS- back. It's called Hyper-V now and it is MS's all-encompassing virtualization solution. You can have it on the desktop all the way up to big clusters of servers.

  4. Re:It is obvious that support must be provided... by Z34107 · Score: 4

    If MS put real effort into providing good security [...]

    You're bitching about an OS with mandatory access controls, DEP, ASLR, virtualized filesystem access, application whitelists, secure boot, and that runs its own authentication daemon in a VM so that not even the kernel itself can directly manage password hashes. You're doing this bitching in an article about a tool they maintain so you can harden and sandbox third-party programs, even when those programs weren't built with stack smashing or ASLR or all those neat Visual Studio canaries in mind.

    [...]it would destroy the lucrative market for anti-malware software.

    They bundle anti-malware software with the OS. They're, clearly, very concerned about not destroying all that filthy McAfee lucre.

    --
    DATABASE WOW WOW

  5. Re:Wow64 has the 32 bit... by aberglas · Score: 3, Interesting

    Windows did something far weirder than focus on the ABI.

    The WoW64 folder holds the 32-bit DLLs while the System32 folder holds the 64-bit DLLs. There is then black magic that usually redirects 32-bit applications to the different Wow64 folder.

    The idea was not binary compatibility but source compatibility. Someone in the hierarchy must have dictated that C programs must be able to be recompiled in 64-bit with zero code changes. Only an MBA with zero programming background could think that this largely impossible mandate justifies permanently twisting the system with weird rules.

    Don't get me started on Program Files (X64) ...