Richi Jennings is an independent analyst/consultant, specializing in content marketing, email, spam, and other security topics. He’s won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
He was previously CTO for Samsung Contact. Prior to this, he was at Hewlett-Packard for 14 years, working in a wide variety of engineering, marketing and architect roles, mainly on OpenMail and its predecessors.
Richi lives in England, is an un-professional DJ, rusty scuba diver, and was voted “Most likely to get up first to sing at karaoke” for 16 years in succession. You can follow him as @RiCHi on Twitter, pretend to be Richi’s friend on Facebook, Plus him at +richijennings, or just use boring old email: [email protected]
On quotations:
When I quote other websites or writers, I will often edit for the busy reader, using a style based on accepted journalistic norms (e.g., AP; Chicago). The intention is never to change the meaning of the original. Omitted text is marked with an ellipsis (…); altered text is marked in [brackets]; typos may be corrected; on rare occasions, I may reorder text. I also aim to stay within the letter and spirit of copyright law: specifically, U.S. Fair Use and UK Fair Dealing codes.
If an organization or individual so quoted objects to being quoted in this way, they can request an edit or complete removal by tweeting @RiCHi; the request will then be considered by editorial staff.
Disclosures:
For a list of disclosures and potential conflicts, please see richi.uk/bio

SCARY: “Atom Bomb” Windows Security Hole said to be Unfixable

Atom Bombing Windows security flaw
An “unpatchable” design flaw? enSilo’s Tal Liberman looks coldly pleased

Windows has an unfixable security flaw. That’s the frightening conclusion of this researcher, who says he can inject code—at will—into browsers and other Windows apps.

It affects all versions of Windows released in the past 16 years, he says. And it can’t be patched, without breaking legitimate desktop apps. It could be bad for containerized server workloads, too.

But is it actually a big deal? In today’s IT Newspro, we loosen the airtight hatchway.

Your humble newswatcher curated these news nuggets for your entertainment. Not to mention: Scary clowns


What’s the story? Richard Chirgwin brings us Windows Atom Tables popped by security researchers:

A security researcher has found a way to…inject code into Atom Tables [in] all versions of Windows. …A successful attack could…accomplish quite a lot of evil [by] snooping on the contents of memory…screen-grabs and browser hijack.


But, uhh, Defender will help, right? Jai Vijayan notes that it doesn’t exploit a vulnerability:

[It] is undetectable to existing anti-malware tools. …enSilo’s AtomBombing attack involves the injection of malicious code into the so-called atom tables [in] Windows. …The oldest version…that uses atom tables is Windows 2000.


What does the researcher have to say for himself? Tal Liberman claims it’s a Brand New Code Injection for Windows:

Here’s a new code injection technique. [It] exploits Windows atom tables and Async Procedure Calls.

[We] copy our code to an RW code cave in the target process. …Then use a meticulously crafted…Return Oriented Programming…chain to allocate RWX memory.

Not a big problem. …We can use ZwAllocateVirtualMemory. …The complete implementation can be found on GitHub.


Oh noes. What does Redmond have to say? A spokesperson effected this statement to Charlie Osborne:

We encourage our customers to practice good computing habits online, including exercising caution when clicking on links…opening unknown files, or accepting file transfers. A user’s system must already be compromised before malware can utilize code-injection techniques.


Wait, are you suggesting it’s a lot of fuss about nothing? Ken Hagan seems to agree:

There is nothing you can attack that doesn’t have exactly the same access. …So you can only attack processes that you can already control.

So it isn’t really a security vulnerability. …I have to assume that this is just someone trying to drum up some publicity.


Phew, panic over? Catalin Cimpanu isn’t quite so sanguine: Microsoft can’t patch against AtomBombing technique:

The bad news is that this is a design flaw. …Microsoft can’t patch it without changing how the entire OS works.


The last word on the subject? It sounds like something Raymond Chen would counter with: It rather involved being on the other side of this airtight hatchway. Lasse V. Karlsen explains:

If you have a cracker that is able to execute code…on your own machine, you have already lost. …So no, this is not a vulnerability.

Now, having said that…there is support for attempts to at least make it harder. [But] if the bad-guy can execute code on your platform, what is there to stop him?


And Finally…

Main image credit: @Tal_Liberman
