[VIM] Reverse Engineering Microsoft Patches in 20 Minutes

security curmudgeon jericho at attrition.org
Fri Jun 24 18:37:57 EDT 2005


http://www.osvdb.org/blog/

Reverse Engineering Microsoft Patches in 20 Minutes
Posted in General Vulnerability Info on June 24th, 2005 by jericho

Halvar posted to the DailyDave mail list today showing a brief Flash-based 
demonstration of some of his reverse engineering tools. The presentation 
shows how one can reverse engineer a Microsoft patch using binary diff 
analysis, and figure out exactly what the vulnerability is, down to the 
function.

What will this technology and method do, when hundreds (thousands?) of 
people can reverse engineer a patch that fast, and offer full 
vulnerability details within minutes of a patch? That type of information 
would be incredibly valuable to some people, probably for more nefarious 
purposes. That type of information would be incredible for the security 
community and vulnerability databases who often have a difficult time 
separating issues due to lack of details.

Even more interesting, would this show a more concise history of 
vulnerabilities in a given vendor's product that demonstrates the same 
programs, routines and even functions are found vulnerable repeatedly? 
Would this help companies identify who should be singled out for 
additional secure coding workshops?

post:
http://archives.neohapsis.com/archives/dailydave/2005-q2/0377.html
demo:
http://www.sabre-security.com/products/flash_bindiff_png.html
