CastleCops, Internet Crime Fighters
Microsoft DEP KB912923 and WMF Exploit
Microsoft has released KB912923 today: How to determine that Hardware DEP is available and configured on your computer?

First, Microsoft offers a brief explanation of what DEP is:

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits.

Hardware-enforced DEP marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of malicious code attacks that try to insert and run code from non-executable memory locations. DEP helps prevent these attacks by intercepting them and raising an exception.


The KB article goes on to specify the requirements for hardware-enforced DEP. To actually check whether you have it enabled and, if so, which policy is in effect, Microsoft writes:

To determine whether hardware-enforced DEP is available on your computer, follow these steps.

1. Click Start, click Run, type cmd, and then click OK.
2. At the prompt type the following and then press ENTER.

wmic OS Get DataExecutionPrevention_Available

If the output is “TRUE”, hardware-enforced DEP is available on your computer.

To determine the current DEP support policy, follow these steps.

1. Click Start, click Run, type cmd, and then click OK.
2. At the prompt type the following and then press ENTER.

wmic OS Get DataExecutionPrevention_SupportPolicy

Be sure to check the article for a graphical confirmation and a table of DEP support policies.
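
The two wmic answers only become useful once they are combined and the numeric policy is decoded, so here is an added example (not from the KB article or this post) that parses captured output of both commands into one record per host. The policy names and meanings come from Microsoft's Win32_OperatingSystem documentation rather than this page; the function names, field names and sample captures are constructed for illustration.

```python
# Added example: decode captured output of the two wmic commands from KB912923.
# Policy meanings follow Microsoft's Win32_OperatingSystem documentation.
POLICIES = {
    0: ("AlwaysOff", "DEP disabled for all processes"),
    1: ("AlwaysOn", "DEP enabled for all processes, no exceptions"),
    2: ("OptIn", "DEP covers Windows system components and opted-in programs only"),
    3: ("OptOut", "DEP covers all processes except those on the exception list"),
}

def wmic_value(raw: bytes, prop: str) -> str:
    """Return the single value from default-format `wmic OS Get <prop>` output."""
    # Redirected wmic output is normally UTF-16 with a BOM; console copies are not.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8", "replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Expect exactly a header line naming the property, then one value line.
    if len(lines) != 2 or lines[0].lower() != prop.lower():
        raise ValueError(f"unexpected wmic output for {prop}: {lines!r}")
    return lines[1]

def dep_status(available_raw: bytes, policy_raw: bytes) -> dict:
    """Combine both answers into one record suitable for a host inventory."""
    avail = wmic_value(available_raw, "DataExecutionPrevention_Available").upper()
    if avail not in ("TRUE", "FALSE"):
        raise ValueError(f"unexpected availability value: {avail!r}")
    code = int(wmic_value(policy_raw, "DataExecutionPrevention_SupportPolicy"))
    name, meaning = POLICIES.get(code, ("Unknown", "value not in documented table"))
    hardware = avail == "TRUE"
    return {
        "hardware_dep_available": hardware,
        "policy": name,
        "meaning": meaning,
        # Active for at least some processes: capable hardware and a policy
        # other than AlwaysOff (unknown codes are treated as not active).
        "hardware_dep_active": hardware and code in (1, 2, 3),
    }

# Constructed sample captures (not taken from a real machine).
SAMPLE_AVAILABLE = "DataExecutionPrevention_Available  \r\nTRUE  \r\n\r\n".encode("utf-16")
SAMPLE_POLICY = b"DataExecutionPrevention_SupportPolicy  \r\n2  \r\n\r\n"

if __name__ == "__main__":
    for key, value in dep_status(SAMPLE_AVAILABLE, SAMPLE_POLICY).items():
        print(f"{key}: {value}")
```

A host reporting FALSE for availability, or policy 0, has no hardware-enforced DEP in effect regardless of the other value.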

Why the brouhaha over DEP? Sunbelt's President Alex Eckelberry explains here. In a nutshell, hardware-enforced DEP should protect users from the WMF exploit, whereas software-enforced DEP does not:

“Microsoft has continued to investigate the use of software-enforced Data Execution Prevention (DEP) to mitigate the Windows Meta File vulnerability for Windows XP Service Pack 2 users. As a result of this investigation, we have updated our guidance regarding DEP to say that some hardware-based DEP, when enabled, can mitigate this vulnerability; however, software-based DEP does not mitigate this vulnerability”

Posted on Monday, 02 January 2006 @ 20:44:35 UTC by Paul