DEeP Protection or a Bit of a NiX? A closer look at Microsoft’s new memory protection offerings presented at Virus Bulletin 2005

by Charles Renert (Determina),

Tags: Security

URL : http://www.virusbtn.com/conference/vb2005/abstracts/charles_renertTechThurs1440.xml

Summary : Microsoft’s Data Execution Protection (DEP) is a new feature embedded in Windows operating systems that allows for the enforcement of access controls on system memory. Designed as a response to the outbreaks of network worms propagating through buffer overflows, the so-called ‘NX bit’ is used to designate whether a region of memory can execute code, and is intended to block the execution of malicious code from areas commonly exploited by worm writers (such as the stack and the heap). This paper will outline how DEP works, discuss the benefits and pitfalls of the approach, and assess the feature’s security coverage with an analysis of exploitation techniques in use by today’s most recent attacks.