[Techtalk] Shatter Attacks - How to break Windows

Carla Schroder carla at bratgrrl.com
Tue Aug 6 22:46:00 EST 2002

Anyone following Slashdot today?


"This paper presents a new generation of attacks against Microsoft Windows,
and possibly other message-based windowing systems. The flaws presented in 
this paper are, at the time of writing, unfixable. The only reliable solution 
to these attacks requires functionality that is not present in Windows, as 
well as efforts on the part of every single Windows software vendor. 
Microsoft has known about these flaws for some time; when I alerted them to 
this attack, their response was that they do not class it as a flaw - the 
email can be found here. This research was sparked by comments made by
Microsoft VP Jim Allchin who stated, under oath, that there were flaws in 
Windows so great that they would threaten national security if the Windows 
source code were to be disclosed. He mentioned Message Queueing, and 
immediately regretted it. However, given the quantity of research currently 
taking place around the world after Mr Allchin's comments, it is about time 
the white hat community saw what is actually possible.

"This paper is a step-by-step walkthrough of how to exploit one example of 
this class of flaw. Several other attack methods are discussed, although 
examples are not given. There are many ways to exploit these flaws, and many 
variations on each of the stages presented. This is just one example."

