Analysis of the Windows Vista Security Model


SYMANTEC ADVANCED THREAT RESEARCH

Matthew Conover, Principal Security Researcher, Symantec Corporation

Abstract — This paper provides an … … in-depth technical assessment of the security improvements implemented in Windows Vista, focusing primarily on the areas of User Account Protection and User Interface Privilege Isolation. This paper discusses these features and touches on several of their shortcomings. It then demonstrates how it is possible to combine these attacks to gain …

Index Terms — Computer security, Windows Vista, Windows Resource Protection, File Virtualization, Registry Virtualization, Integrity Level, UAP, LUA, UIPI

I. INTRODUCTION

Windows Vista is a radical departure from prior versions of the Windows operating system. With its introduction, enhancements have been made to virtually all aspects of the Windows security model. These changes should decrease the ease by which the operating system can be compromised.

In this research, Symantec researchers evaluated the security of the Windows Vista February 2006 CTP build. During this research we discovered a number of implementation flaws that continued to allow a full machine compromise to occur. By exploiting these flaws, a low privilege, low integrity level process can bypass User Account Protection, and ultimately execute code at a high privilege, high integrity level.

Since the conclusion of our initial phase of research, several new Windows Vista builds have been released. We recently re-evaluated our findings on the publicly released Windows Vista Beta 2 build 5384 and observed certain exploit paths have been fixed. Where applicable, we will indicate where our initial findings differ from the public Windows Vista Beta 2. Windows Vista is a work in progress and it should be expected that security issues, including those discussed in this paper, will continue to be addressed until its final release.

A. What’s Covered

This paper focuses on attacks against the Windows Vista security model from the perspective of malicious code. The scenario addressed in this paper is an out-of-the-box configuration that a typical user will see when presented with a new Windows Vista installation. In this configuration the user is a Protected Administrator [1] using Internet Explorer 7 to browse a malicious website that exploits a vulnerability [2]. This vulnerability inadvertently introduces malicious code
