Information Technology News
Marshall McLuhan was almost correct: The Patch is the Message
by David Heath
Wednesday, 30 April 2008

This is important. It means simply that any vulnerability that has not previously been published suddenly now IS published. As a hacker (of the ‘nasty’ kind), all you need to do is wait for Microsoft (or any other major software vendor) to release a patch. Then, using the techniques pioneered by the researchers, it is a trivial operation to identify the vulnerability. Quoting the researchers, “In many cases we are able to automatically generate exploits within minutes or less.”

In the light of this generalised vulnerability, the authors identify a number of issues which affect the way patches are currently distributed. Firstly, we should hope that, in these modern times of staggered patch distribution, the naughty lads are late on the list of recipients. Otherwise, they know the problem, they know how to exploit it, and they have the opportunity to do so. Remind me, how do you spell bot-net?

Additionally, patches are essentially unprotected in transit, leaving them open to analysis. The authors speculate how circumstances might be different if they were encrypted (no real change!), personalised to each PC (again, no real change, since patches have to be de-personalised in order to be applied) or distributed via torrent-style rapid-deployment systems (the jury’s still out on this one).

So, what should Joe-user take away from this? Really, he should change nothing; he’s screwed either way! Essentially, there’s nothing new he can do to influence this aside (possibly) from manually seeking patches as soon as they are announced – “be the first on your block…” Alternatively, there’s always clay tablets, but I’ve yet to find the spell-checker on one of those!





