Shatter-Proofing Windows presented at Blackhat USA 2005

by Tyler Close,

Tags: Security

Summary : The Shatter attack uses the Windows API
to subvert processes running with greater privilege than the attack
code. The author of the Shatter code has made strong claims about the
difficulty of fixing the underlying problem, while Microsoft has, with
one exception, claimed that the attack isn't a problem at all. Whether
or not Shatter is indeed an exploit worth worrying about, it uses a
feature of Windows that has other malicious uses, such as keystroke
logging. This talk presents a means of defeating this entire family of
attacks with minimal breaking of applications and effect on the look and
feel of the user interface.