Since the version of Windows XP, the Windows operating system feature embedded functionality of industrial applications. However the motivation of factor on re-engineering of system depends on customer demand.
Case study details:
The US Navy is paying Microsoft $9.1 million for continued Windows XP support – Jun 23, 2015
Information Background – According to SPAWAR official announcement on Jun 2015. The renewal process will buy the Navy time to migrate from its existing reliance on the expiring product versions to newer product versions approved for use in Ashore and Afloat networks, and will provide hotfixes to minimize risks while ensuring support and sustainability of deployed capabilities.
* The Space and Naval Warfare Systems Command (SPAWAR), based in San Diego, is an Echelon II organization within the United States Navy and is the Navy’s technical authority and acquisition command for C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance), business information technology and space systems.
Doubt – known design limitations
a. Windows OS system – The re-engineering schedule instead of Windows XP operating system.
- US Navy is paying Microsoft $9.1 million for continued Windows XP support – Jun 23, 2015. As of today, we believed that the operating system update has been done. However a valid design weakness on Windows operation system found on 2014 till today. It found by security expert that a kernel flaw appears to all version on Microsoft operating system platform since end of 2014 (see below picture diagram for references). From my personal point of view. I agree with Microsoft official comment on their announcement, this is not a security issue (device driver inject rootkit). My stand point is that the Windows operating system fundamental design objective does not catering for mission critical industries especially Nuclear power facility and military industry. However the modern technology industries deploying in formal fashion of manner. Yes, I agree that the manufacture industry and business automation not shown the side effect of design limitation. But on mission critical industries, the design capability limitation similar a technology kill chain! Information security is a continuous program. Microsoft operation system don’t have exception. A group of security expert re-open this flaw recently (Inside NT’s Asynchronous Procedure Call). Asynchronous Procedure Calls (APCs) are a fundamental building block in NT’s asynchronous processing architecture. This architecture still valid till today.
The security expert highlight the flaw in regards to the following items.
If you are not interested in technical descriptions detail, you can skip and jump to below item 2.
As a device driver writer, you can rely on APCs to execute a routine in a particular thread context without that thread’s intervention or consent whenever no guarantee of its address space’s availability can be made. Since APC mechanism not on Ring 3 and therefore the fundamental of design not enforce protect this mechanism. As a result, a weakness was found in this place. The PsSetLoadImageNotifyRoutine function registers a notification function that is called when the image is loaded or the image is mapped to memory. The operating system calls the registered callback function after displaying the image executed in the user space or in the kernel space (just what we need, because the drivers are just loaded into the kernel), before the execution of the image. The main weakness of software driver integration with operating system is given by PsSetLoadImageNotifyRoutine.
* The PsSetLoadImageNotifyRoutine routine registers a driver-supplied callback that is subsequently notified whenever an image is loaded (or mapped into memory).
As we know, antivirus software using kernel driver to inject code into all all running processes. The antivirus software register for image creation notification and then queue some APCs that will execute in user mode and do the injection. Since the security level of protection of device driver on Windows OS all depends on 3rd party developer design. A lot of security experts feedback comments on Microsoft OS products. They highlight that a flaw appears on kernel side. Microsoft official announcement was told that it is not a security issue. The fact is that malware can use API system call (PsSetLoadImageNotifyRoutine) to trick the OS into giving malware scanners other files. This would allow malicious software smuggling then by evade antivirus monitoring.
Device driver rootkit code (sample)
mov eax, [ebp+ImageInfo] push dword ptr [eax+4]
Do you think the developer alert this issue on their design phase? From logical point of view, this unknown threat not announce to the world. Most of the protection mechanisms are implement falls under File, Registry, Process, DLL Load. Microsoft don’t allow anyone to hook the SSDT. For my comments, the system development cycle is division of job and therefore this protection mechanism will be fall into cyber security team job scope. As are result, the protection mechanism will be relies on antivirus and malware detection software. But the specific threat might evade malware scanner custodian.
It looks that remediation step on critical industries especially Nuclear Power facilities and Military Dept might do a audit. As soon as possible to develop the protection mechanism through SSDT hooking.
2. Satellite communication systems design limitation
Since this topic has been discuss previous. For more details of related article. Please see below url for reference.
As of today (12th Sep 2017), my comments in regards to mission critical industries remain unchanged. That is please re-confirm existing operating system peripherals issue before next action.