This article is more than 1 year old

BoundHook: Microsoft downplays Windows systems exploit technique

It's just not a security vulnerability, says Redmond

Features of Intel MPX designed to prevent memory errors and attacks might be abused to launch assaults on Windows systems, security researchers claim.

Windows 10 uses Intel MPX to secure applications by detecting boundary exceptions (common during a buffer overflow attack). An exploit technique by CyberArk Labs uses the boundary exception as the hook itself to give attackers control of Windows 10 devices.

The researchers claim the so-called "BoundHook" technique creates a potential mechanism for hackers to exploit the design of Intel Memory Protection Extensions to hook applications in user mode and execute code. According to CyberArk Labs, this malfeasance could, in theory, allow attacks to fly under the radar of antivirus or other security measures on 32-bit and 64-bit Windows 10 devices.

Microsoft has downplayed the significance of the potential attack, telling CyberArk Labs that it's only useful as a technique for post-hack exploitation. Microsoft dismisses the research as a "marketing report", from which The Reg infers it sees no need to have the tech patched.

A Microsoft spokesperson told The Reg: "The technique described in this marketing report does not represent a security vulnerability and requires a machine to already be compromised to potentially work. We encourage customers to always keep their systems updated for the best protection."

BoundHook is the second known technique discovered by CyberArk Labs to hook functions in Windows. The first technique, dubbed GhostHook, bypasses Microsoft's attempts to prevent kernel-level attacks (e.g. PatchGuard) and uses this hooking approach to take control of a device. Microsoft dismissed the potential route of that attack as a low-risk threat, as we previously reported. ®

 
