Timing of Microsoft Patches Gives a False Sense of Security

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
"Some exploitable software bugs are found by independent researchers and never reported to the software vendor. They are deadly because nobody knows about them except the attacker. This means there is little to no defense against them (no patch is available).

Many exploits that have been publicly known for more than a year are still being widely exploited today. Even if there is a patch available, most system administrators don't apply the patches in a timely fashion. This is especially dangerous since even if no exploit program exists when a security flaw is discovered, an exploit program is typically published within a few days after release of a public advisory or a software patch.

Although Microsoft takes software bugs seriously, integrating changes by any large operating system vendor can take an inordinate amount of time.

When a researcher reports a new bug to Microsoft, she is usually asked not to release public information about the exploit until a patch can be released. Bug fixing is expensive and takes a great deal of time. Some bugs are not fixed until several months after they are reported.

One could argue that keeping bugs secret encourages Microsoft to take too long to release security fixes. As long as the public does not know about a bug, there is little incentive to quickly release a patch. To address this tendency, the security company eEye has devised a clever method to make public the fact that a serious vulnerability has been found, but without releasing the details."

Information is extracted from "ROOTKITS, Subverting the Windows Kernel" by Greg Hoglund and James Butler
 

DeadDrop

New Member
Aug 19, 2012
69
Just a question: is that book worth the $$$? Do you have a PDF version of it you can share?
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
I don't have a PDF version. The internet is stubborn concerning this book. I have typed almost all of what I have posted from the book. You can buy it used at Amazon for 12 bucks. That includes shipping. It is a good read. I got my used copy at Half Price Books. It is like new. I got it for 7 bucks.

A great complement to it is a book entitled: "Exploiting Software". That would be kind of like "part 1" of the series, whereas ROOTKITS, Subverting.................would be part II.

http://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/ref=sr_1_1?s=books&ie=UTF8&qid=1347081497&sr=1-1&keywords=rootkits+subverting+the+windows+kernel

http://www.amazon.com/Exploiting-Software-How-Break-Code/dp/0201786958/ref=sr_1_1?s=books&ie=UTF8&qid=1347081567&sr=1-1&keywords=exploiting+software
 
