Reverse Engineering Microsoft Patches in 20 Minutes

[This was originally published on the OSVDB blog.]

Halvar posted to the DailyDave mail list today showing a brief flash based demonstration of some of his reverse engineering tools. The presentation shows how one can reverse engineer a Microsoft patch using binary diff analysis, and figure out exactly what the vulnerability is, down to the function.

What will this technology and method do, when hundreds (thousands?) of people can reverse engineer a patch that fast, and offer full vulnerability details within minutes of a patch? That type of information would be incredibly valuable to some people, probably for more nefarious purposes. That type of information would be incredible for the security community and vulnerability databases who often have a difficult time separating issues due to lack of details.

Even more interesting, would this show a more concise history of vulnerabilities in a given vendor’s product that demonstrates the same programs, routines and even functions are found vulnerable repeatedly? Would this help companies identify who should be singled out for additional “secure coding” workshops?


Leave a Reply