2x1 Microsoft Bugs: Virtual PC hyper-hole-visor' + 'Windows Creation Vulnerability (MS10-048)

2x1 Microsoft Bugs: Virtual PC hyper-hole-visor' + 'Windows Creation Vulnerability (MS10-048)

Thursday, September 16, 2010
Nicolas Economou
Ekoparty 2010

This talk will show you how this bug weakens Microsoft Windows security mechanisms when it is running into Virtual PC. Until now, the bug hasn't been fixed and Microsoft hasn't set a fix date.

On Tuesday June 8th 2010, Microsoft fixed a bug (MS10-032) in the "xxxCreateWindowEx" kernel function, but they forgot something... This talk will show you how MS10-032 was converted on MS10-048 and how it was exploited.

Related information

Advisories
Virtual PC Hypervisor Memory Protection Vulnerability | Microsoft Windows CreateWindow function callback vulnerability