[Followup-to set for microsoft.public.security]
The Advisory as updated on 30 Dec-05 now states that Software DEP does *not* block the exploit.

http://www.microsoft.com/technet/sec...ry/912840.mspx

<QP>
I have DEP enabled on my system, does this help mitigate the vulnerability?

Software based DEP does not mitigate the vulnerability. However, Hardware based DEP may work when enabled: please consult with your hardware manufacturer for more information on how to enable this and whether it can provide mitigation.
</QP>

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

PA Bear wrote:
> In fact, there are various recent posts elsewhere stating that DEP blocked
> the exploit. YMMV.
>
> jacecarter@gmail.com wrote:
> > Data Execution Prevention?
> > What happened to DEP in XP SP2?
> >
> > If this is a buffer overflow exploit, why then isn't DEP in XP SP2
> > shutting down the malicious code before it can run?
> >
> > I would think that an image file would be marked as "data" in memory,
> > not as an executable image, although WMF might be different than say a
> > jpg or bmp, does anyone know for sure?
> >
> > I keep my DEP setting on "Turn on DEP for all programs and services
> > except those I select"
> >
> > http://www.microsoft.com/technet/sec.../depcnfxp.mspx
> >
> > "Microsoft Windows XP Service Pack 2 (SP2) helps protect your computer
> > against the insertion of malicious code into areas of computer memory
> > reserved for non-executable code by implementing a set of hardware and
> > software-enforced technologies called Data Execution Prevention (DEP).
> > Hardware-enforced DEP is a feature of certain processors that prevents
> > the execution of code in memory regions that are marked as data
> > storage. This feature is also known as No-Execute and Execution
> > Protection. Windows XP SP2 also includes software-enforced DEP that is
> > designed to reduce exploits of exception handling mechanisms in
> > Windows.
> >
> > Unlike an antivirus program, hardware and software-enforced DEP
> > technologies are not designed to prevent harmful programs from being
> > installed on your computer. Instead, they monitor your installed
> > programs to help determine if they are using system memory safely. To
> > monitor your programs, hardware-enforced DEP tracks memory locations
> > declared as "non-executable". To help prevent malicious code, when
> > memory is declared "non-executable" and a program tries to execute code
> > from the memory, Windows will close that program. This occurs whether
> > the code is malicious or not."