Reverse-Engineering Exploits from Patches
This is interesting research: given a security patch, can you automatically reverse-engineer the security vulnerability that is being patched and create an exploit for it?
Turns out you can.
What does this mean?
Attackers can simply wait for a patch to be released, use these techniques, and with reasonable chance, produce a working exploit within seconds. Coupled with a worm, all vulnerable hosts could be compromised before most are even aware a patch is available, let alone download it. Thus, Microsoft should redesign Windows Update. We propose solutions which prevent several possible schemes, some of which could be done with existing technology.
Full paper here.
Ewan Gunn • April 23, 2008 2:26 PM
This is one of those ‘duh’ moments, actually. Makes perfect sense. I’m not sure why it’s not been noticed before. But, of course, it obviously hasn’t worked that way thus far, otherwise we’d have been severely crippled far before now. Again a situation of releasing too much information to the enemy, making their job easier – the hardest part of the security battle is trying to think one ahead of them.