Title
2x1 Microsoft Bugs: 'Virtual PC hyper-hole-visor' + 'Windows Creation Vulnerability (MS10-048)'
Authors
Nicolás Economou
In
Ekoparty 2010
Date published
2010-09-16
Keywords
virtual pc, createwindow, exploit writing, bug, ekoparty

Abstract

This talk will show you how this bug weakens Microsoft Windows security mechanisms when it is running into Virtual PC. Until now, the bug hasn't been fixed and Microsoft hasn't set a fix date.

On Tuesday June 8th 2010, Microsoft fixed a bug (MS10-032) in the "xxxCreateWindowEx" kernel function, but they forgot something... This talk will show you how MS10-032 was converted on MS10-048 and how it was exploited.

Attachments