Slashdot Mirror


Latest EMET Bypass Targets WoW64 Windows Subsystem (threatpost.com)

msm1267 writes: Backwards compatibility, a necessary evil for Microsoft and its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in this case, researchers slid past Microsoft's Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks. The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. The researchers said 80 percent of browsers in their sample size were 32-bit processes executing on a 64-bit host running WOW64, meaning they're all vulnerable to this attack.

2 of 125 comments

  1. How about NO by Sycraft-fu · Score: 4, Insightful

    If you want a platform that breaks older shit, well then go ahead and find one. However many of us would like our software to keep working. WoW64 has been a great success because 32-bit apps run seamlessly and very fast. So you can just use whatever software you want. This has made widespread 64-bit adoption possible. If suddenly 80+% of your programs stop working because there's no compatibility layer, people just won't want to use it. Many, many programs these days are still 32-bit. You may not like that or agree with the choice, but it is what it is. I want to be able to run my software, I don't care about ideological purity.

    Also you might want to do your research a bit better: VirtualPC -IS- back. It's called Hyper-V now and it is MS's all-encompassing virtualization solution. You can have it on the desktop all the way up to big clusters of servers.

  2. Re:It is obvious that support most be provided... by Z34107 · Score: 4

    If MS put real effort into providing good security [...]

    You're bitching about an OS with mandatory access controls, DEP, ASLR, virtualized filesystem access, application whitelists, secure boot, and that runs its own authentication daemon in a VM so that not even the kernel itself can directly manage password hashes. You're doing this bitching in an article about a tool they maintain so you can harden and sandbox third-party programs, even when those programs weren't built with stack smashing or ASLR or all those neat Visual Studio canaries in mind.

    [...]it would destroy the lucrative market for anti-malware software.

    They bundle anti-malware software with the OS. They're, clearly, very concerned about not destroying all that filthy McAfee lucre.

    --
    DATABASE WOW WOW