[VIM] Reverse Engineering Microsoft Patches in 20 Minutes
security curmudgeon
jericho at attrition.org
Fri Jun 24 18:37:57 EDT 2005
http://www.osvdb.org/blog/
Reverse Engineering Microsoft Patches in 20 Minutes
Posted in General Vulnerability Info on June 24th, 2005 by jericho
Halvar posted to the DailyDave mail list today showing a brief Flash-based
demonstration of some of his reverse engineering tools. The presentation
shows how one can reverse engineer a Microsoft patch using binary diff
analysis, and figure out exactly what the vulnerability is, down to the
function.
What will this technology and method do, when hundreds (thousands?) of
people can reverse engineer a patch that fast, and offer full
vulnerability details within minutes of a patch? That type of information
would be incredibly valuable to some people, probably for more nefarious
purposes. That type of information would be incredible for the security
community and vulnerability databases who often have a difficult time
separating issues due to lack of details.
Even more interesting, would this show a more concise history of
vulnerabilities in a given vendor's product that demonstrates the same
programs, routines and even functions are found vulnerable repeatedly?
Would this help companies identify who should be singled out for
additional secure coding workshops?
post:
http://archives.neohapsis.com/archives/dailydave/2005-q2/0377.html
demo:
http://www.sabre-security.com/products/flash_bindiff_png.html