Network Security
Hackers exploit Windows patches
- From: Howell, Paul
- Date: Thu Feb 26 17:38:03 2004
At http://news.bbc.co.uk/1/hi/technology/3485972.stm
Hackers exploit Windows patches
By Mark Ward
BBC News Online technology correspondent
Malicious hackers and vandals are lazy and wait for Microsoft to issue
patches before they produce tools to work out how to exploit loopholes in
Windows, say experts.
Instead of working it out for themselves, malicious hackers are reverse
engineering the patches to better understand the vulnerabilities, said David
Aucsmith, who is in charge of technology at Microsoft's security business
and technology unit.
In a keynote speech to the E-Crime Congress organised by Britain's National
Hi-Tech Crime Unit, Mr Aucsmith said the tools that hackers were producing
were getting better and shrinking the time between patches being issued and
exploits being widely known.
"We have never had vulnerabilities exploited before the patch was known," he
said.
Tools of choice
A good example of this phenomenon, he said, was the recent ASN1 "critical
vulnerability" that Microsoft produced a patch for in early February.
The vulnerability was discovered by Eeye Digital Security in July 2003 but
no exploits were produced until three days after Microsoft's patch became
available.
"Many people reverse engineer the patch and then build the exploit code,"
said Mr Aucsmith.
Malicious hackers were greatly aided by improvements in tools that did a
better job of working out what patches did.
He said tools were available that compared patched and unpatched versions of
Windows to help vandals and criminals work out what was different.
"The guys who write the tools would not consider themselves to be criminals
by any measure," he said, "but the tools are also being picked up by people
with criminal intent."
Mr Aucsmith said he could only think of one instance when a vulnerability
was exploited before a patch was available.
"It's a myth that hackers find the holes," said Nigel Beighton, who runs a
research project for security firm Symantec that attempts to predict which
vulnerabilities will be exploited next.
He said in many cases the appearance of a patch was the spur that kicked off
activity around a particular vulnerability.
Many different malicious hackers and hacking groups competed to see who
could be the first to produce a virus or other program that could work with
the known hole, he said.
Mr Aucsmith urged companies to keep up with patches because the time they
had to react before hackers released exploits was shrinking.
Newer operating systems were also more secure than older programs such as
Windows 95 which, when it was first released, had no security features in it
at all.
"Almost all attacks against our software are against the legacy systems," he
said.
"If you want more secure software, upgrade."