Breaking VSM by Attacking SecureKernel

The presentation discusses two vulnerabilities found in the kmobtain hot patch undo table function in the secure kernel, and the implications of these vulnerabilities on the security of the system.

• The kmobtain hot patch undo table function in the secure kernel has two vulnerabilities that were discovered through fuzzing and source code review
• The first vulnerability is an out-of-bounds write caused by a bad count field passed from vtl0 that is used as the allocation length for a newly allocated mdl
• The second vulnerability is related to mdl and mapping, and involves the function mapping a transfer mdl to vtr1 address space and constructing a new mdl with the content stored in the transfer mdl
• The vulnerabilities have implications for the security of the system, as they could be exploited to gain arbitrary code execution and bypass security mitigations such as hvci and traditional guard
• The researchers are working on porting some of the kernel mitigations into the secure kernel and investigating options for randomization of secure kernel regions

The first vulnerability is caused by a bad count field passed from vtl0 that is used as the allocation length for a newly allocated mdl. If the bad count field is smaller than 48 bytes, an out-of-bounds write will occur. This vulnerability could be exploited to gain arbitrary code execution and bypass security mitigations.

Virtualization based security technologies (VBS) continue to increase the world's dependency on the security of virtualization stacks. But like all software stacks, virtualization stacks are prone to vulnerabilities too. In this talk, we will explain how we found and fixed two vulnerabilities in SecureKernel in Windows 10, which is a critical component of the core of the TCB (Trusted Computing Base) for Microsoft's VBS model. The vulnerabilities could allow an attacker to gain arbitrary code execution in VTL1, compromising the entire VBS model. We will also walk through our process to exploit both vulnerabilities on the latest version of Windows (at the time of writing). To understand these vulnerabilities, we will first discuss the technical differences in Windows between normal world (VTL0) and secure world (VTL1). Normal world is used for general application use, while secure world is designed to be smaller yet securer, which is used to ensure the integrity and security of the entire system. This difference in design is finally reflected on implementations, i.e. secure mode kernel customizes its memory and pool management, process management and even security mitigations. State-of-the-art exploitation techniques in normal mode kernel may not find their way here in secure kernel, novel techniques suitable for VSM exploit will be demonstrated in our talk. Finally, we will share the takeaways Microsoft had from this research, and explain our approach to harden SecureKernel and VSM.