Wednesday, 25 June 2008

It is possible to build exploit code from security patches.

An interesting research paper arguing that exploit code can be generated from security patches:
"The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P′, automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P′. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for 5 Microsoft programs based upon patches provided via Windows Update. Although our techniques may not work in all cases, a fundamental tenet of security is to conservatively estimate the capabilities of attackers. Thus, our results indicate that automatic patch-based exploit generation should be considered practical. One important security implication of our results is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, may allow attackers who receive the patch first to compromise the significant fraction of vulnerable hosts who have not yet received the patch."
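The last sentence of the abstract is the part a defender can act on: if an exploit can be derived from the patch shortly after release, every hour a host spends unpatched after that point is exposure. The following toy model, added here as an illustration and not taken from the paper or the blog post, makes that window measurable for a given rollout plan. The wave timings, fractions and the "exploit ready after one hour" figure are constructed assumptions, not numbers the paper reports.

```python
# Added illustration (not from the paper or the post): a piecewise-constant
# model of how a staggered patch rollout leaves hosts exposed once a
# patch-derived exploit exists. All wave schedules below are constructed.
from typing import List, Tuple

# (hours after patch release, fraction of the host population patched in that wave)
Wave = Tuple[float, float]

# Assumed schedules: a staggered rollout versus pushing the patch to everyone at once.
STAGGERED: List[Wave] = [(0.0, 0.10), (24.0, 0.30), (72.0, 0.60)]
SIMULTANEOUS: List[Wave] = [(0.0, 1.00)]

# Assumed delay between patch release and a working patch-derived exploit.
EXPLOIT_READY_HOURS = 1.0


def unpatched_fraction(waves: List[Wave], t: float) -> float:
    """Fraction of hosts that have not yet received the patch at hour t."""
    patched = sum(frac for hour, frac in waves if hour <= t)
    return max(0.0, 1.0 - patched)


def exposure_at_exploit(waves: List[Wave], exploit_ready_hours: float) -> float:
    """Fraction of hosts still vulnerable at the moment the exploit becomes usable."""
    return unpatched_fraction(waves, exploit_ready_hours)


def vulnerable_host_hours(waves: List[Wave], start: float, horizon: float) -> float:
    """Integrate the unpatched fraction over [start, horizon).

    The result is in 'population-hours': 1.0 means the whole population was
    exposed for one hour. Between waves the fraction is constant, so the
    integral is a sum of rectangles with breakpoints at each wave.
    """
    breakpoints = sorted({start, horizon} | {h for h, _ in waves if start < h < horizon})
    total = 0.0
    for a, b in zip(breakpoints, breakpoints[1:]):
        total += (b - a) * unpatched_fraction(waves, a)
    return total


def compare(horizon: float = 96.0) -> dict:
    """Side-by-side exposure figures for the two assumed rollout plans."""
    out = {}
    for name, waves in (("staggered", STAGGERED), ("simultaneous", SIMULTANEOUS)):
        out[name] = {
            "exposed_at_exploit": exposure_at_exploit(waves, EXPLOIT_READY_HOURS),
            "vulnerable_host_hours": vulnerable_host_hours(waves, EXPLOIT_READY_HOURS, horizon),
        }
    return out


if __name__ == "__main__":
    for name, figures in compare().items():
        print(f"{name:13s} exposed at exploit time: {figures['exposed_at_exploit']:.0%}, "
              f"vulnerable host-hours over 96h: {figures['vulnerable_host_hours']:.1f}")
```

Under the assumed schedule, 90% of hosts are still unpatched when the exploit becomes usable, and the population accumulates about 49.5 vulnerable host-hours over the following four days, against zero for a simultaneous push. Shrinking the gap between the first and last wave is the lever this model exposes, which is the defensive reading of the abstract's last sentence.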