WMF exploit and DEP



There’s a bit of controversy over the suggestion that Hardware DEP seemed to protect against the WMF zero day exploit. Sunbeltblog has responded to the controversy. George Ou in the first link above claims that there’s a lot of bad advice out about this exploit and that hardware DEP (Data execution prevention) doesn’t work to mitigate the problem.


After reading through I’m left with a couple questions. 1)how will do virtual machine environments deal with hardware DEP? I haven’t had any first hand experience with it, but have to admit I’m wondering. 2) It sounds as though settings for DEP may need to be such that DEP is enabled for “All programs and services” instead of just essential windows programs and services.

I haven’t had a chance to test this out firsthand, although I may try out the software DEP (There are claims that SOFTWARE DEP can prevent this. (Including Microsoft’s bulletin.) The other question that comes to mind is what is making the experience from one user to another inconsistent? Is it settings? Could there be a hardware variation? Could there even be a variation in the way the exploit work? Settings and varying hardware DEP support would seem to be the most likely.

Ultimately, we shouldn’t rely on DEP as the ONLY protection against buffer overflow exploits… It sounds like it can limit the effect of such an exploit, but it shouldn’t be seen as the holy grail to protect us against programming bugs.

   Send article as PDF   

Similar Posts