DEeP Protection or a Bit of a NiX? A closer look at Microsoft’s new memory protection offerings

Charles Renert Determina

Microsoft’s Data Execution Protection (DEP) is a new feature embedded in Windows operating systems that allows for the enforcement of access controls on system memory. Designed as a response to the outbreaks of network worms propagating through buffer overflows, the so-called ‘NX bit’ is used to designate whether a region of memory can execute code, and is intended to block the execution of malicious code from areas commonly exploited by worm writers (such as the stack and the heap). This paper will outline how DEP works, discuss the benefits and pitfalls of the approach, and assess the feature’s security coverage with an analysis of exploitation techniques in use by today’s most recent attacks.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.