Reverse Engineering Microsoft Patches in 20 Minutes

Halvar posted to the DailyDave mail list today showing a brief flash based demonstration of some of his reverse engineering tools. The presentation shows how one can reverse engineer a Microsoft patch using binary diff analysis, and figure out exactly what the vulnerability is, down to the function.

What will this technology and method do, when hundreds (thousands?) of people can reverse engineer a patch that fast, and offer full vulnerability details within minutes of a patch? That type of information would be incredibly valuable to some people, probably for more nefarious purposes. That type of information would be incredible for the security community and vulnerability databases who often have a difficult time separating issues due to lack of details.

Even more interesting, would this show a more concise history of vulnerabilities in a given vendor’s product that demonstrates the same programs, routines and even functions are found vulnerable repeatedly? Would this help companies identify who should be singled out for additional “secure coding” workshops?

post: http://archives.neohapsis.com/archives/dailydave/2005-q2/0377.html
demo: http://www.sabre-security.com/products/flash_bindiff_png.html

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 5,028 other followers

%d bloggers like this: