Microsoft Developer introduces two new Windows APIs to help developers build secure software. Microsoft has made its next move to address uninitialized memory issues, this time targeting the uninitialized kernel pool memory used by developers creating hardware drivers for Windows.
According to Joe Bialek, a security engineer at the Microsoft Security Response Center (MSRC), these uninitialized memory vulnerabilities represent one in 10 of all Microsoft CVEs in recent years.
Uninitialized kernel pool vulnerabilities are slightly less than half of all uninitialized memory issues reported to Microsoft in mid-2017 and 2018, notes Bialek.
Bialek expanded Microsoft's InitAll project last month to address uninitialized memory vulnerabilities. InitAll was enabled in kernel-mode code, Hyper-V code, and networking-related user-mode services from Windows 10 version 1903 and newer.
This is part of Microsoft's larger effort to kill memory-related bugs, which account for about 70% of all patches Microsoft has shipped over the past decade, since Windows is written in C and C++. It is also why Microsoft is exploring Rust to rewrite some Windows components.
Microsoft's goal is to ensure that its code does not have uninitialized kernel pool issues by design, and to implement solutions that have minimal impact on performance.
The answer is called 'pool zeroing', introduced in Windows 10 version 2004 through the new Windows kernel pool application programming interfaces (APIs), which cause minimal nuisance for Windows application and driver developers.
We expect that this will mostly eliminate the threat of a vulnerability class, which accounts for 5% to 10% of all Microsoft CVEs in recent years, says Bialek.
The APIs are called ExAllocatePool2 and ExAllocatePool3. Separate tools are also available to support versions of Windows 10 prior to 2004.
The intent here is to give driver developers a way to be more clear about what they are doing in their program. Bialek points out that an allocation will not be truly uninitialized unless the developer explicitly intends it to be.
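The effect of zero-by-default allocation with an explicit opt-out can be seen in a small user-mode model. This is an added example, not Microsoft's code and not the Windows pool API: `model_alloc_legacy`, `model_alloc2`, `MODEL_FLAG_UNINITIALIZED` and the `reply` struct are hypothetical names, and the recycled block is constructed so the stale bytes are deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reply a driver would copy back to a less-privileged caller. */
struct reply { uint8_t status; uint32_t length; uint8_t name[16]; };

/* User-mode model of a recycled pool block (constructed, not Windows code). */
static union { unsigned char bytes[64]; struct reply r; } slot;

#define MODEL_FLAG_UNINITIALIZED 0x2u /* hypothetical explicit opt-out */

/* Previous owner of the block leaves recognisable bytes behind. */
static void previous_owner(void) { memset(slot.bytes, 0xAA, sizeof slot.bytes); }

/* Legacy-style allocation: the recycled block is returned untouched. */
static struct reply *model_alloc_legacy(void) { return &slot.r; }

/* Zero-by-default allocation: stale bytes survive only on explicit opt-out. */
static struct reply *model_alloc2(unsigned flags) {
    if (!(flags & MODEL_FLAG_UNINITIALIZED))
        memset(slot.bytes, 0, sizeof slot.bytes);
    return &slot.r;
}

/* The driver sets only the fields it needs; count the bytes of the outgoing
   struct that still hold the previous owner's data. */
static size_t stale_bytes(struct reply *r) {
    const unsigned char *p = (const unsigned char *)r;
    size_t n = 0;
    r->status = 1;
    r->length = 3;
    memcpy(r->name, "abc", 3); /* tail of name[] and padding never written */
    for (size_t i = 0; i < sizeof *r; i++)
        n += (p[i] == 0xAA);
    return n;
}

size_t leak_legacy(void) { previous_owner(); return stale_bytes(model_alloc_legacy()); }
size_t leak_zeroed(void) { previous_owner(); return stale_bytes(model_alloc2(0)); }
size_t leak_optout(void) { previous_owner(); return stale_bytes(model_alloc2(MODEL_FLAG_UNINITIALIZED)); }

int main(void) {
    printf("legacy=%zu zeroed=%zu optout=%zu\n",
           leak_legacy(), leak_zeroed(), leak_optout());
    return 0;
}
```

The stale bytes come from the unwritten tail of `name[]` and the struct padding, which is why field-by-field initialization alone does not remove this class of leak.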
Bialek notes that the use of the new pool-zeroing API requires code changes. To support these APIs, Microsoft overhauled Windows Memory Manager and made changes to future releases of Hyper-V and networking components.
Our current plan is to convert all kernel-mode code to the new API, using automated bug-filing tools to ensure that everything changes, he says.
Microsoft is exploring how it can help third-party drivers stop using the older pool APIs. Bialek is confident that the new pool API should eliminate uninitialized memory vulnerabilities in Windows for the most part.
Once we finish converting our code to the new pool API, the majority of uninitialized memory vulnerabilities currently affecting customers will be reduced on Windows, he says.
Uninitialized memory vulnerabilities are still possible, but between InitAll protecting the stack and most allocations using the zeroing flag, these issues will be much less likely to occur.