State of Win32k Security: Revisiting Insecure Design

Win32k.sys, the kernel driver that implements the Windows user and graphics subsystems, is infamous as the prime target for modern exploitation on Windows, particularly for browser and sandbox escapes. With a legacy reaching back to NT 4 (released in 1996), it poses significant challenges for security assurance. This talk touches briefly on Win32k history, covering the design shifts made over the years at the expense of security, but focuses mainly on how long-standing insecure designs were revisited and remediated. It then gives a deeper analysis of the mitigations added in the latest Windows release (RS4, Windows 10 version 1803), which make exploits more expensive, less reliable, and in some cases impossible.

Presented by