SoylentNews is people
SoylentNews
Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.
[...] "We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."
[...] Any hack that can break out of a widely used virtual machine is generally considered significant. The one described Friday is made all the more impressive because it works by exploiting Edge, which is regarded among security professionals as one of most challenging browsers to exploit. Typically, such remote-code exploits require two or more vulnerabilities to be exploited in unison. The requirement appears to be why the Qihoo team combined the heap overflow exploit with the Windows kernel hack. The description sets up a scenario in which malicious websites can not only compromise a visitor's virtual machine, but also the much more valuable host machine the VM runs on. At last year's Pwn2Own, contestants didn't attempt to target VMWare, an indication reliable exploits were probably worth more than the $75,000 prize that was offered at the time.
Friday's success underscores the central theme of Pwn2Own, that no operating system or application is immune to hacks that thoroughly compromise its security.
Source: ArsTechnica
(Score: 2) by Runaway1956 on Tuesday March 21 2017, @02:07AM (6 children)
I've never even looked at this "Edge" crap. Is it similar to IE, in that, IE was almost part of the OS? I experimented with Windows long ago. It was *possible* to remove IE from the Windows installation disk. Doing so ensured that Windows was incapable of performing some tasks. Those tasks didn't seem "essential" for an operating system, but there were some odd glitches here and there. If I remember correctly, Windows help files (.chm) wouldn't work, rendering images was kinda funny - can't remember what else. But, of course, you could install third party software to do whatever didn't seem right.
The philosophy that allows embedding an application so deeply into the OS is simply wrong.
So, if Edge is similar, then Edge is also very wrong.
(Score: 3, Informative) by Arik on Tuesday March 21 2017, @04:18AM (3 children)
With Windows 10 IE is no longer pushed, Edge is instead. IE remains, accessible and vulnerable, for backward compatibility with Windows and third party components that rely on it, but you have to go searching for it to find it. Edge is supposed to be more secure, because it ditches all the old ActiveX crap that caused so much trouble with IE back in the day. Nonetheless, it's extremely advertiser friendly so of course it's not really any more secure. So it gets hijacked in new and interesting ways.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Runaway1956 on Tuesday March 21 2017, @02:04PM (2 children)
Actually, I did my experiments, and work, on Windows XP. The same steps worked on Longhorn, which was later known as Vista. A quick search indicates that NTLite will perform all of the same cusomizations that nLite offered on WinXP.
https://www.ntlite.com/discussions/#/discussion/246/tutorial-for-creating-a-700mb-windows-7-or-8-iso-and-install-in-a-vm [ntlite.com]
IE is removable, but it is done during the creation of your installation media, NOT after installation.
(Score: 2) by Arik on Tuesday March 21 2017, @03:51PM (1 child)
From the domain I'm guessing that's about NTLite though, a program I have had some experience with. With 98lite and a 98SE disk you could do exactly what you say. IIRC even with NTLite you could not really get the desired results out of XP. You're either *only* removing the default UI but leaving all the guts accessible and exploitable, OR you break a LOT of system stuff.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Tuesday March 21 2017, @05:29PM
Hey, I know 98-Lite. That's the radio station I use to get my Kenny G. fix.
(Score: 1) by khallow on Tuesday March 21 2017, @05:50AM
Is it similar to IE, in that, IE was almost part of the OS?
It's the built in web browser installation tool. Just like IE.
(Score: 0) by Anonymous Coward on Tuesday March 21 2017, @10:52AM
Nor did I, for the simple reason that I wouldn't install the operating system required for it.