Weakness in Windows XP SP2 Overflow Protection

Security company Positive Technologies released a whitepaper that explains what it considers to be weaknesses in the heap overflow protection and data execution protection in Windows XP Service Pack 2. The two technologies are designed to help prevent intruders from taking advantage of unchecked buffers to launch malicious code within the operating system.

Positive Technologies said they contact Microsoft about the problem in late December and provided proof of concept code to demonstrate the problem, and that they have not yet heard back from Microsoft since that time. The company decided to release the whitepaper along with a utility, PTmsHORP, that the company said protects against the discovered weaknesses.

A spokesperson for Microsoft told Windows IT Pro Magazine that the company is investigating the report and that based on early analysis Positive Technologies' discovery "is not a security vulnerability. An attacker cannot use this method by itself to attempt to run malicious code on a user's system" and that "there is no attack that utilizes this, and customers are not at risk from the situation."

Security administrators are well aware that attack methods have evolved to combine numerous vulnerabilities and code design weaknesses in order to compromise system security. If Positive Technologies' whitepaper is accurate then the findings minimally represent a design weakness that can be exploited to bypass intended protection.

Microsoft's spokesperson also said that the company "will continue to modify \[heap overflow protection and data execution protection\] as appropriate to improve them and will evaluate ways to mitigate against \[buffer overflow vulnerabilities\] while retaining performance on the system, either through an update as part of our monthly bulletin release process, or in a service pack."