Detours is a library offered by Microsoft Research for interception of functions on x86 and x64 platforms. It is sold for commercial use to various vendors that build products ranging from security to gaming applications.
Detours is often injected into most or all of the processes, either system-wide or in the context of the logged-in user. The most common way this is done is through the AppInit_Dlls registry value. Because the injection is typically applied to a large number of processes running under various permissions, extra care must be taken to ensure the library and its usage are very carefully reviewed by engineers with a strong understanding of the implications of such wide hooking.
We have used this library in our own security products at Cisco (both CSA and AnyConnect) to provide certain security functions on the system. During one of our research projects earlier this year, we noticed a peculiar pattern on Windows systems where processes we were hooking had a change in the in-memory permissions, which marked the headers of the modules from the normal READ/EXECUTE to now include WRITE as well.
This was quite alarming to us, because a DLL should not be writable when loaded into memory. What was interesting, and led to clues about the cause, was that only the DLLs containing functions we were actively trying to hook were affected. They were the common Win32 DLLs whose methods one would typically intercept, such as Kernel32.dll.
Tags: DLLs, Dynamic Link Libraries, Microsoft, security, third party software
TechEd Australia kicks off today and the Cisco team is on hand to showcase how Cisco and Microsoft are teaming to develop integrated solutions that are enabling new levels of IT innovation in the data centre.
Make sure to come by booth #56/57 to speak with Cisco experts about how the Cisco Unified Computing System (UCS) and Nexus switch family integrate seamlessly with the Microsoft portfolio of enterprise applications and technologies, including:
- Cisco UCS for Microsoft Private Cloud and applications (SQL and Exchange)
- Cisco UCS Manager for Microsoft System Centre
- Cisco UCS PowerTool for Microsoft Windows PowerShell
- Cisco Nexus 1000V Switch for Microsoft Hyper-V
Tags: Australia, Cisco UCS, data center, Microsoft, TechEd
That’s right folks, today is Patch Tuesday and Microsoft has published its monthly security bulletin for August 2013. The bulletins address a total of 23 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, and Microsoft Exchange. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.
The bulk of the August updates correct several vulnerabilities in Internet Explorer. Although little technical information is currently available, attackers are likely to develop future exploits based on the vulnerabilities.
Multiple updates correct vulnerabilities in Microsoft Windows. A few of the vulnerabilities involve improper processing of ICMP network packets and could allow for attacks that cause affected systems to stop responding to additional network traffic. Although service failures are a concern for production systems, an exploit would allow no system access.
Tags: Cisco Security, cisco sio, Microsoft, Microsoft bulletin, patch tuesday, vulnerabilities
Cisco and NetApp continue to drive innovation with new FlexPod offerings that enable organizations to address their business needs while reducing risk and increasing IT efficiency and agility. FlexPod combines the Cisco Unified Computing System, Cisco Nexus data center switches, and NetApp storage components and provides a powerful platform for critical application workloads.
With joint validated designs and integrations with Microsoft Windows Server®, Microsoft Hyper-V™, and System Center, FlexPod provides an ideal platform for Microsoft Private Cloud deployments, allowing customers to accelerate private cloud infrastructure-as-a-service (IaaS) delivery.
Please join us on Wednesday, August 7, 11 a.m. U.S. Pacific Time, when we will kick off a technical series detailing FlexPod with Microsoft Private Cloud. In this live webinar, presented by Cisco, Intel, Microsoft and NetApp, you will hear from technical experts on the following topics:
Tags: FlexPod, Intel, Microsoft, netapp, private cloud, technical, webcast
Cisco and Microsoft have developed a powerful alliance in the data center that extends the value of the Cisco Unified Fabric, Unified Computing System, and Unified Network Services through leading-edge integrated solutions with Microsoft Windows Server, Hyper-V and System Center. These integrations provide an opportunity for Channel Partners to deliver differentiated solutions that address their customers’ most pressing business and IT challenges.
The Nexus 1000V Switch for Microsoft Hyper-V stands out as an example of how Cisco and Microsoft are collaborating to offer integrated solutions to customers and partners. The Nexus 1000V extends Cisco networking benefits to Microsoft Windows Server 2012 Hyper-V deployments and provides a consistent operational model across physical and virtual environments. Cisco was the first company to integrate with Hyper-V and the industry is taking notice. Nexus 1000V for Microsoft Hyper-V was recently recognized as Best of TechEd 2013 in the Virtualization category.
If you’d like to learn more about Nexus 1000V for Microsoft Hyper-V, you’re in luck. Redmond Channel Partner is hosting a webinar on Cisco Nexus 1000V: Virtual Networking for Hyper-V Environments on Thursday, July 25, 2013, at 11am PT / 2pm ET.
Tags: data center, Hyper-V, hypervisor, Microsoft, network hypervisor, Nexus 1000v, virtualization, webcast