Patches pose significant risk, researchers say
Robert Lemos, SecurityFocus 2008-04-23

A group of four computer scientists urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program.

Patches pose significant risk, researchers say 2008-04-24
Anonymous (1 replies)
This research is good research, though I'm skeptical that the techniques are going to be generally applicable. Finding the exploitable function is usually the easy part. How to get the data there is the hard part. However, the credibility of the paper is called into question with the implication that this is a Microsoft problem and that the solution is some convoluted DRM or patch secret knock process. This technique of reverse engineering vulnerabilities and then exploits from patch versions is one that is applicable to every vendor on every platform.

Link to this comment: http://www.securityfocus.com/comments/articles/11514/35046#35046
Huh 2008-04-24
Anonymous (7 replies)
Re: Huh 2008-04-24
Anonymous
Re: Huh 2008-04-25
Anonymous
Re: Huh 2008-04-25
Anonymous
Re: Huh 2008-04-25
Anonymous
Re: Huh 2008-04-25
Anonymous
Re: Huh 2008-04-25
Anonymous
Re: Huh 2008-04-25
Robert Lemos







 

Copyright 2009, SecurityFocus