Windows XP Service Pack 2 Customer Awareness Workshop
Trustworthy Computing – XP SP2 Technical Overview
Craig Schofield, Microsoft Ltd. UK
September 2004
The Day
Trustworthy Computing Overview of Windows XP Service Pack 2
Coffee break… around 11.15am
Technical Drill-Down of Windows XP SP2 – Part 1
You’ll need lunch... 12.45 to 1.30pm
Technical Drill-Down of Windows XP SP2 – Part 2
Another coffee break… around 3.15pm
Planning, Testing and Deploying WinXP SP2
Troubleshooting
Close … 5pm
What’s wrong with SP1 then?
Security and Trustworthy Computing
Situation: When do exploits occur?
[Timeline figure. Labels: Product shipped, Vulnerability discovered, Fix made available, Fix deployed by customer. Annotation: “Most attacks occur here”.]
Exploit Timeline: Process, Tools Critical
[Timeline figure. Labels: Product shipped, Vulnerability discovered, Fix made available, Fix deployed by customer.]
Days between fix and exploit have decreased, so that patching can’t be the only defense in large organizations
[Chart. Labels: Exploit; Blaster; Welchia/Nachi; Nimda; SQL Slammer; Sasser. Values: 151; 180; 331; 25; 14.]
Microsoft Commitment
Build software and services that will help better protect our customers and the industry.
Springboard
Get secure and stay secure with less cost, less stress
Starts with XP SP2
Suite of products and technologies:
• XP SP2, Windows Update V5, update.exe, Windows Installer 3 (.msp/.msi), “SUS 2”, Windows Server 2003 SP1
Changes in functionality & baseline security level
Patch management too complex
Time to exploit accelerating
Exploits are more sophisticated
Current approach is not sufficient
Create a new Microsoft security baseline for the OS & Internet Explorer
Springboard – Why?
[Diagram labels: Memory, Attachments, Web, Network]
Isolation & Resiliency: Old Approach
[Diagram labels: Memory, Attachments, Web, Network]
Isolation & Resiliency: New Approach
Windows XP Service Pack 2
Block virus or malicious code at the “point of entry”
Enhanced Security
Increased Manageability
Improved Experience
Windows XP Service Pack 2
Schedule
Available now: RTW 9th August
Critical Update to all Windows XP clients from 25th August
All Windows ‘Editions’ supported
Home & Professional
SP2 provides the upgrade to Tablet Edition 2005 (“Lonestar”)
SP2 provides the upgrade to Media Center Edition 2004 (“Harmony”)
Being localized in 25 languages over next 2 months
English, German, French, Spanish, Italian, Brazilian, Japanese, Dutch, Swedish, Danish, Norwegian, Finnish, Simplified Chinese, Traditional Chinese, Korean, Czech, Polish, Hungarian, Russian, Traditional Hong Kong Chinese, Arabic, Hebrew, Greek, Turkish, Portuguese
Windows Server 2003 Service Pack 1
Goals
Implement additional protection for enterprise environments
Planned for Q1 2005
Very focused release
Enable appropriate “safety technologies” from client
Feature list is still under development
• Secure Role-based Configuration
• Inspected Environments
“XP Reloaded”
NOT XP Service Pack 2
NOT a product
Value-add initiatives for Windows XP.
Service Pack 2 Overview
[Diagram labels: Memory, Attachments, Web, Network]
Problem: Port-Based Attacks
Many services and applications running on users’ computers listen for network traffic
These applications and services require open ports to function properly
Hackers build automatic tools that scan the Internet for computers running these applications and services
Even with a perimeter firewall, systems may be vulnerable to attack
Solution: Windows Firewall
Windows Firewall (formerly ICF) is on by default
All ports protected
Exception list for applications & services requiring open ports
Required only for applications or services that need to listen for unsolicited incoming traffic
Per-port or per-application subnet and IP address restrictions
Boot-time security
Highly manageable
Two operating profiles to support mobile computers
• Domain and Standard
All configuration options available through new Group Policy Objects and through scripting
Problem: DCOM & RPC
Core infrastructure for application to application communications
Underlying service that supports DCOM & RPC-based communication (RPCSS) is always on
RPCSS listens on a well known endpoint
Port 135 for DCOM, many ports for RPC
RPCSS allows unauthenticated remote calls
Limited administrative control
Solution: RPC & DCOM
Change to underlying architecture (RPCSS) to reduce attack surface area
Block unauthenticated calls to DCOM and RPC services
Make it easier to restrict interfaces to local machine only
Fine-grained security
New permissions configured through group policy, UI and logon scripting
Problem: Attachments
Security model depends on users to make good trust decisions
However, users are ill-equipped to make informed decisions
Users easily tricked into making poor choices
Example: “myphoto.jpg .exe”
Employing a static list of dangerous file types isn’t enough
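An added example, not from the original deck and not Attachment Manager code: a check that reports the extension the system will actually act on and flags the whitespace-padding trick in the slide's "myphoto.jpg .exe". The function name `inspect_attachment_name` and the 1 to 4 character rule for an "extension-like" token are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy the lower-cased effective extension of `name` (no dot) into `ext`.
 * Returns 1 when whitespace pads the gap between an earlier, extension-like
 * token and the effective extension, as in "myphoto.jpg .exe"; else 0. */
int inspect_attachment_name(const char *name, char *ext, size_t extlen)
{
    size_t end = strlen(name), dot, s, p, i, n = 0;

    if (extlen == 0) return 0;
    ext[0] = '\0';
    /* Windows drops trailing spaces and dots, so skip them first. */
    while (end > 0 && (name[end - 1] == ' ' || name[end - 1] == '.'))
        end--;
    for (dot = end; dot > 0 && name[dot - 1] != '.'; dot--)
        ;                                   /* find the last dot */
    if (dot == 0)
        return 0;                           /* no extension at all */
    for (i = dot; i < end && n + 1 < extlen; i++)
        ext[n++] = (char)tolower((unsigned char)name[i]);
    ext[n] = '\0';

    /* Walk back over whitespace sitting just before the final dot. */
    s = dot - 1;
    while (s > 0 && isspace((unsigned char)name[s - 1]))
        s--;
    if (s == dot - 1)
        return 0;                           /* no padding present */
    /* Assumption: a decoy looks like ".xxx" with 1-4 alphanumerics. */
    for (p = s; p > 0 && isalnum((unsigned char)name[p - 1]); p--)
        ;
    return p > 1 && name[p - 1] == '.' && s - p >= 1 && s - p <= 4;
}

int main(void)
{
    /* Constructed sample names; the first is the slide's own example. */
    const char *names[] = { "myphoto.jpg .exe", "myphoto.jpg", "notes .txt" };
    char ext[16];
    for (size_t i = 0; i < 3; i++) {
        int padded = inspect_attachment_name(names[i], ext, sizeof ext);
        printf("%-18s type=%-4s padded=%d\n", names[i], ext, padded);
    }
    return 0;
}
```

A trust decision would then be made on the returned effective extension rather than on the part of the name the user sees.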
Solution: Attachment Manager
New Windows service (and public API) for handling safe attachments
Used by Outlook Express, Windows Messenger and Internet Explorer, and third-parties soon
Unsafe attachments not trusted by default
Block/Prompt/Allow determined by combination of file type & zone
Marks zone or origin in file system if file is saved to disk
Enables safer message “preview” in Outlook Express
Consistent experience for “trust” decisions
Problem: Memory
Some services and applications improperly handle malformed messages
An attacker can send a message with data that is longer than expected
Extra data includes malicious code
Malicious code is inadvertently written to area of memory where that code is executed
[Figure: Anatomy of a Buffer Overrun. Function stack mapping, labels: Locally Declared Variables and Buffers; Callee save registers; Function Parameters; Function Return Address; Frame Pointer; Exception Handler Frame. Annotations: “Data goes here”, “Extra data overflows here”, “Malicious code executed here”.]
[Figure: Function Stack with /GS Switch. Labels: Locally Declared Variables and Buffers; Callee save registers; Function Parameters; Function Return Address; Frame Pointer; Exception Handler Frame. Annotations: “Data goes here”, “Cookie overwritten, execution halts”.]
Solution: /GS Switch
Visual C++ .NET compiler implements the new /GS switch
The /GS switch provides a "speed bump," or cookie, between the buffer and the return address
If an overrun overwrites the cookie, process is halted
[Figure annotations: “Cookie”, “Extra data overflows here”.]
Most critical Windows components have been recompiled using the /GS switch
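An added illustration, not code from the original deck or from the Visual C++ runtime: a simulated frame that places a cookie between the buffer and the return address, as the slide describes, and applies the check before returning. The cookie constant, `LEGIT_RETURN` and `simulate_call` are assumptions made for the demo, and the copy is clamped to the simulated frame so nothing outside it is written.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 16
#define LEGIT_RETURN 0x00401000u            /* constructed "caller" address */

/* Constructed stand-in: a real cookie is chosen when the process starts. */
static const uint32_t process_cookie = 0x5A17C0DEu;

/* Simulated frame: buffer, then cookie, then return address. */
struct frame {
    unsigned char buffer[BUF_SIZE];         /* "Data goes here" */
    uint32_t cookie;                        /* the /GS "speed bump" */
    uint32_t return_address;                /* "Function Return Address" */
};

enum outcome { RETURNED_NORMALLY, HALTED_BY_COOKIE_CHECK, RETURN_ADDRESS_OVERWRITTEN };

/* Model one call whose body copies `len` bytes without checking BUF_SIZE.
 * The copy is clamped to the simulated frame, so the demo itself never
 * writes outside its own object. */
enum outcome simulate_call(const unsigned char *input, size_t len, int gs_enabled)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.cookie = process_cookie;              /* prologue: place the cookie */
    f.return_address = LEGIT_RETURN;

    if (len > sizeof f) len = sizeof f;
    memcpy((unsigned char *)&f, input, len);    /* the unchecked copy */

    /* Epilogue: with /GS the cookie is verified before the return is used. */
    if (gs_enabled && f.cookie != process_cookie)
        return HALTED_BY_COOKIE_CHECK;
    if (f.return_address != LEGIT_RETURN)
        return RETURN_ADDRESS_OVERWRITTEN;
    return RETURNED_NORMALLY;
}

int main(void)
{
    unsigned char data[sizeof(struct frame)];
    memset(data, 'A', sizeof data);         /* constructed over-long message */
    printf("fits in buffer:  %d\n", simulate_call(data, BUF_SIZE, 1));
    printf("overrun, no /GS: %d\n", simulate_call(data, sizeof data, 0));
    printf("overrun, /GS:    %d\n", simulate_call(data, sizeof data, 1));
    return 0;
}
```

An overrun has to cross the cookie to reach the return address, which is why the check halts the simulated call before the overwritten address would be used.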
Solution: Execution Prevention
Known as NX and “Execution Protection”
Prevents execution of injected code
Leverages processor technology
Marks memory regions as non-executable
Processor raises exception when injected code is executed
Supported on 64-bit extensions processors
SP2 runs in 32-bit compatibility mode with NX support
AMD Athlon64 and Opteron today
Intel has announced support for NX in new Celeron line and Prescott based P4’s
Hardware-based protection
Problem: Web Browsing
Internet Explorer flexibility may be exploited
Some Internet Explorer features may be used to mislead users
Popups may be made to look like security messages
Browser windows may be made to look like the Windows desktop or a Windows dialog (spoofing)
The source of Web downloads may be disguised
Internet Explorer security settings difficult to manage
Solution: Internet Explorer
Limit deceptive & annoying behaviors
Popup Blocker
Limitations on how script-controlled windows look
Better information for trust decisions
New Information Bar
Safer handling of downloaded web controls
More secure architecture
Zone elevation restrictions
Object caching changes
MIME handling enforcement
Lockdown of the Local Machine Zone
Binary Behaviors (compiled DHTML) restrictions
Improved manageability infrastructure
Additional Enhancements
New Windows Security Center
Automatic Update enhancements
Windows Update Services client
New unified wireless LAN client
Updated Bluetooth client
Windows Media 9 Series player update
How SP2 Would Have Helped
MSBlaster worm
• Windows Firewall, by default, blocks the ports required to exploit this vulnerability
• By denying unauthenticated requests to DCOM, this exploit would have been mitigated
• The /GS Switch and/or NX would have prevented this exploit by preventing the unchecked buffer from being exploited
W32.Sasser.worm
• Windows Firewall, by default, blocks the ports required to exploit this vulnerability
• The /GS Switch and/or NX would have prevented this exploit by preventing the unchecked buffer from being exploited
Mydoom and W32/Nimda.A@mm
• Attachment Manager would have blocked Mydoom had an infected e-mail been opened in Outlook Express
Various spoofing and phishing attacks on the Internet
• The new IE Popup Blocker and new limitations on script-initiated windows would have eliminated many of these attacks
Application Compatibility
Functional Area | Compatibility Status
Attachment Handler | User experience modified
Windows Firewall; DCOM & RPC; NX & /GS; Other components | Few apps; proper configuration required
Internet Explorer | Some apps; proper configuration required
The vast majority of application compatibility issues are mitigated through configuration of SP2 security options
Very few issues require code changes
Summary
More Secure
• “Shields-up” approach
• Reduced attack surface area
More Resilient
• Network Protection
• Data Execution Prevention
• Greater user control when Browsing
• More Secure Email and Instant Messaging
More Manageable
• Enhancements to Group Policy to provide more granular control
• Reduced urgency in patching vulnerabilities due to defence in depth
More Visible
• Windows Security Center – enhanced security information
• Internet Explorer UI enhancements provide more information
A major step forward on a long journey
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.