Researchers from Carnegie Mellon University, the University of California at Berkeley, and the University of Pittsburgh have released a paper that demonstrates the reverse engineering of patches from Microsoft. What this means, according to the research, is that with the use of some basic tools, exploits based on newly released patches can be created in as little as thirty seconds, or at most a few minutes.
(Image: J. Anderson) Microsoft needs to address issues surrounding monthly patches, researchers say.
The process is called Automatic Patch-Based Exploit Generation (APEG). In the paper, the researchers outlined their method of using a hybrid technique based on automatic test-case generation to locate exploit candidates for flaws: “In our evaluation, we are able to automatically generate an exploit given just the unpatched and patched program usually within a few minutes. In order to achieve our results, we developed novel techniques for analyzing potential exploitable paths to a new sanitization check,” the paper said.
Because the patches are broken down so quickly, “One immediate consequence we suggest is that the current patch distribution schemes are insecure, and should be redesigned to more fully defend against automatic patch-based exploit generation,” the paper adds.
Using tools such as the eEye Binary Diffing Suite, patches such as MS07-046 had a ready-made Denial-of-Service exploit in less than two minutes. The paper lists several other examples of patches that were broken down and exploits created by taking apart the code.
This can be prevented, the paper says; all Microsoft has to do is take some proactive measures. For example, vendors could hide what was fixed in a patch by encrypting the code until it has been distributed. Using peer-to-peer distribution, so that the patch reaches all users at nearly the same time, was another suggestion.
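The "encrypt first, release the key last" idea above is easier to see in a small simulation. The following Python is an added illustration written for this article; it is not code from the paper, from eEye, or from Microsoft. The `Vendor` and `Client` classes and the `simulate` helper are constructed here, and the cipher is a demonstration-only HMAC-SHA256 counter keystream chosen so the example runs on the standard library alone; a real deployment would use an authenticated cipher such as AES-GCM.

```python
"""Toy model of staged patch distribution: the encrypted patch blob is fanned
out to every client first, and only then is the short key published. Until the
key is released no downloader, attacker included, has plaintext to diff, so the
window between "patch visible" and "patch applied everywhere" shrinks to the
time it takes to fetch a 32-byte key.
"""
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes of HMAC-SHA256 appended to each blob


def _keystream(key: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from `key` in counter mode (demo only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_patch(key: bytes, patch: bytes) -> bytes:
    """XOR the patch with the keystream and append an HMAC tag over the ciphertext."""
    ct = bytes(p ^ k for p, k in zip(patch, _keystream(key, len(patch))))
    tag = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_patch(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then recover the patch; raise if the blob was altered."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("patch blob failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


class Vendor:
    """Hypothetical vendor: encrypts the patch up front, releases the key later."""

    def __init__(self, patch: bytes):
        self.key = secrets.token_bytes(32)
        self.blob = encrypt_patch(self.key, patch)
        self.key_released = False

    def release_key(self) -> bytes:
        self.key_released = True
        return self.key


class Client:
    """Hypothetical client: holds the opaque blob until the key arrives."""

    def __init__(self):
        self.blob = None
        self.applied = None  # plaintext patch once applied

    def download(self, blob: bytes) -> None:
        self.blob = blob

    def apply(self, key: bytes) -> None:
        self.applied = decrypt_patch(key, self.blob)


def simulate(patch: bytes, n_clients: int = 3) -> dict:
    """Run the two-phase distribution and report what was visible at each stage."""
    vendor = Vendor(patch)
    clients = [Client() for _ in range(n_clients)]
    for c in clients:
        c.download(vendor.blob)
    # Phase 1: every client holds the blob, none holds plaintext to diff.
    leaked_before = any(c.applied is not None for c in clients)
    blob_hides_patch = vendor.blob[: len(patch)] != patch
    key = vendor.release_key()
    # Phase 2: the key is public; all clients apply in the same short window.
    for c in clients:
        c.apply(key)
    return {
        "leaked_before_release": leaked_before,
        "blob_hides_patch": blob_hides_patch,
        "all_applied": all(c.applied == patch for c in clients),
    }


if __name__ == "__main__":
    # Constructed sample patch content; not a real Microsoft patch.
    print(simulate(b"fix: add bounds check before memcpy"))
```

The point the simulation makes is about timing, not about the cipher: the large, slow-to-distribute artifact is meaningless on its own, and the small artifact that makes it meaningful is the last thing published. The integrity tag matters too, since a client that blindly decrypts a tampered blob would apply a corrupted patch.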
It is important to note that this is nothing new; online criminals have been doing this for years. Patches released on Tuesday are often seen exploited in the wild on Wednesday. However, the paper once again points out the problem and offers something nothing so far has: ways to resolve it.
The paper is a great read; if you are into hard-core security science, check it out: http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf
Dawn Song of the University of California at Berkeley, Jiang Zheng of the University of Pittsburgh, and David Brumley and Pongsin Poosankam of Carnegie Mellon University, conducted the research.