MS Watches as Vista Gets 0wn3d by Rootkit | CIO Insight
News & Trends
SHARE
Facebook X Pinterest WhatsApp

MS Watches as Vista Gets 0wn3d by Rootkit

Written By
Ryan Naraine
Ryan Naraine
Aug 4, 2006
2 minute read

LAS VEGAS—Ben Fathi slipped into the darkened, standing-room-only conference room and took a seat on the carpeted floor.

On the Black Hat stage, malware researcher Joanna Rutkowska, of COSEINC, was discussing a new technique that could plant an offensive rootkit in Windows Vista, Microsoft’s “most secure ever” operating system.

As corporate vice president for Microsoft’s STU (Security Technology Unit), it is Fathi’s responsibility to deliver on Vista’s security promise, and Rutkowska’s claim—complete with live demo—that a key anti-rootkit feature can be easily defeated could be a public relations nightmare.

But Fathi was unperturbed. Almost unnoticed in the crowd, he paid close attention to Rutkowska’s slides and didn’t even flinch when the room erupted in applause as the demo succeeded in loading unsigned code into Vista Beta 2 kernel (x64), without requiring a reboot.

“This is the reason we’re here. To see the advancements in research and work closely with these guys [white hat hackers] to figure out what’s working and what’s not working,” Fathi said in an interview with eWEEK immediately after the presentation.

“We’ve already fixed that path [of attack] … It’s beta software that will have bugs. That [attack scenario] has already been fixed in later builds,” Fathi said.

Read more here about Microsoft’s efforts to harden Vista against attacks by kernel-mode malware.

Rutkowska, a Windows Internals expert, was one of several stealth malware researchers using Black Hat, the preeminent hacker conference, to discuss advancements in rootkit creation.

During her talk, she described how scripts can be used to allocate excess amounts of memory to a process, forcing the target system to page out unused code and drivers. At this stage, Rutkowska showed how shell code could be executed inside one of the unused drivers, completely defeating the new device driver signing policy being implemented in Vista to only allow digitally signed drivers to load into the kernel.

Rutkowska created a one-click tool to plant the rootkit and used special heuristics to automatically find out how much memory should be allocated to “knock the unused driver.”

Read the full story on eWEEK.com: MS Watches as Vista Gets 0wn3d by Rootkit
Ryan Naraine
CIO Insight Logo

CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need to maintain regulatory compliance for their teams and organizations. CIO Insight is an ideal website for IT decision makers, systems integrators and administrators, and IT managers to stay informed about emerging technologies, software developments and trends in the IT security and management industry.

facebook
linkedin
rss
x

Company

Contact us Advertise with us

Categories

IT Management IT Strategy News & Trends Blogs Case Studies Books for CIOs

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information