Michael S. Mimoso, Editorial Director
LAS VEGAS -- Enhanced Windows 8 memory protection features in the upcoming Microsoft OS could help drastically reduce the number of successful memory-based attacks, according to a security researcher who studied operating system improvements.
The protections could help reduce the number of heap-based memory buffer overflow attacks, said Chris Valasek, a senior security scientist at San Francisco-based application development testing firm Coverity Inc. Attacks using the heap memory manager help cybercriminals overwrite important program processes, using overflows to install malware on a victim's system.
More from Black Hat 2012
For all the news, analysis, commentary and video interviews from Las Vegas, visit SearchSecurity.com's Black Hat 2012 special coverage page.
Valasek said Microsoft has made it much harder for attackers to use the memory manager against itself in an attack. In-line metadata – certain pieces of information that were in predictable locations – were taken out-of-band. Memory allocated with code execution also doesn't always come from a predictable location, Valasek said.
"All the public ways to subvert this memory manager up until Windows 8 were remediated in Windows 8," Valasek said in an interview with SearchSecurity.com. "Microsoft took a long deep look at it and solved most of these problems."