
CERT/CC VU #817544: Windows ASLR Vulnerability

U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Windows ASLR Vulnerability

Original release date: November 20, 2017

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

https://www.us-cert.gov/ncas/current-activity/2017/11/20/Windows-ASLR-Vulnerability

http://www.kb.cert.org/vuls/id/817544


Tom's Hardware: Win10 unsupported disk layout UEFI error howto

Tom's Hardware (an example of a computer review site that never shows CHIPSEC results 😦) has a new article on how to fix a common UEFI/Windows problem:

How To Fix Windows 10 Unsupported Disk Layout UEFI Error
by Seth Colaner November 17, 2017 at 1:30 PM

A common problem that Windows users have encountered when trying to update Windows 10 is the “Unsupported Disk Layout for UEFI Firmware” error. This error basically means that the partition structure of your hard drive is not supported by the version of Windows 10 that you want to upgrade to. This error can be resolved by creating a Microsoft Reserved Partition (MSR), which is used on Unified Extensible Firmware Interface (UEFI)/GUID Partition Table (GPT) disks. Without getting too technical, we will outline the steps to fix this error when attempting to update.[…]

http://www.tomshardware.com/news/how-to-fix-windows-10-unsupported-disk-layout-uefi-error,35960.html

PS: Tom, please start showing CHIPSEC (and FWTS) results in your reviews, less on what colors the cases come in, and more on what security the HW/FW fails to offer. Thanks!


Intel open sources HAXM, Hardware Accelerated Execution Manager for Mac/Windows

Intel Hardware Accelerated Execution Manager (HAXM)

HAXM is a hardware-assisted virtualization engine (hypervisor) that uses Intel Virtualization Technology to speed up IA (x86/ x86_64) emulation on a host machine running Windows or macOS. It started as an Android SDK component, but has recently transformed itself into a general accelerator for QEMU. HAXM can be built as either a kernel-mode driver for Windows or a kernel extension for macOS.[…]

https://github.com/intel/haxm

 

See-also:

https://01.org/android-ia/q-and-a/what-haxm

https://software.intel.com/en-us/articles/intel-hardware-accelerated-execution-manager-intel-haxm

https://github.com/Nukem9/Haxm


Restart2UEFI: restart UEFI systems to firmware (for Windows)

This is a new project, a C# GUI that requires Windows and Visual Studio to build. It appears to be a wrapper to the Windows shutdown.exe utility.

https://github.com/spoonieau/Restart2UEFI

Restart2UEFI: Utilities to restart UEFI systems to firmware. An easier way to get your system to boot to the motherboard's firmware interface than going through Win's recovery options, or finding a paperclip for certain notebooks.

Restart2UEFI winforms build ported to UWP. Needs Restart2UEFIHelper.exe in the project's win32 dir. It was going to be released on the Windows Store, but due to needing the use of a win32 exe and only holding a developer licence, I was unable to submit and have a compiled app available.

 


Microsoft adds Time Travel Debugging (TTD) to WinDbg

Time Travel Debugging is now available in WinDbg Preview

We are excited to announce that Time Travel Debugging (TTD) features are now available in the latest version of WinDbg Preview. About a month ago, we released WinDbg Preview which provides great new debugging user experiences. We are now publicly launching a preview version of TTD for the first time and are looking forward to your feedback.[…]

https://blogs.msdn.microsoft.com/windbg/2017/09/25/time-travel-debugging-in-windbg-preview/

https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-object-model

From what I hear, TTD has been used internally at Microsoft for years, and they are only now getting this feature out to the public. Though they are not identical in implementation, GDB has had reverse execution for a while.

https://www.gnu.org/software/gdb/news/reversible.html
https://sourceware.org/gdb/onlinedocs/gdb/Reverse-Execution.html
https://sourceware.org/gdb/wiki/ReverseDebug
