WindowsUpdate needs to improve 30 seconds to develop attack code
April 27, 2008
[dispatch of Sai Di net] on April 27 message, say according to a paper that publishs recently, after undertaking study to the patch software of Microsoft, researcher uses business to use a tool, be in the 30 seconds shortest the attack code that gave to use software blemish with respect to development inside time.
According to foreign media the report says, researcher studied the patch software of 5 Microsoft software, finding out these software is how by the amendatory. They are written in the paper, after undertaking study to patch software, they use software of a tool, in several minutes — the code that interconnected system of attack computer science department develops inside shorter even time.
This considers to make clear, go up from theory for, the hacker can develop baleful code immediately after acquiring patch software, make more PC are faced with by the possibility of code of infection ill will.
The hacker’s action is very quick. The 2nd Tuesday of every month releases Microsoft patch software, code is in the ill will that uses blemish be publicitied to be able to appear the following day normally. The hacker seeks the loophole in software through reverse engineering technology.
Guest of quickly nigrify of code of development ill will has more time to discover but punching bag, and right now Microsoft is releasing patch software through Windows Update. The paper points out, although 24 hour hind are released in patch software, the Windows computer that also has 80% only visited the server of Microsoft. Microsoft is done so intentionally, other software firm also is ” gradually ” those who release patch software, in order to reduce the load of the server.
Researcher says, this kind of state must get a change. They are written in the paper, we think, it is insecure that current patch software releases a mechanism, ought to get correction, with preventing to be based on the baleful code that automatic patch software issues better.
Researcher used a code that the name is EEye Binary Diffing Suite to analyse a tool.
Know exactly about sth is planted the method can prevent hacker fan the flames of disorder. The manufacturer can be concealed of purpose when developing patch software want amendatory limitation, nigrify guest finds the flaw in software harder.
In studying, researcher uses the blemish in was less than 2 minutes of time to find out Windows GDI, rapid design gave a kind to reject a service to atttack code.
Microsoft can release patch software above all, after all machines receive patch software, republication a password. This one password can solve lock patch software, but can prevent a hacker to have retrorse project to patch software; Another kind of choice is use P2P network, with releasing patch software quickly.
Tags: attack, code, develop, improve, needs, seconds, WindowsUpdateAdvertisement
Latest Headlines
- And write down Huang Bu to march formally mobile phone market
- AT
- The message says grand the Touch HD that amount to report will become G2 of Gu Ge mobile phone
- Pass Woerma to will begin to sell 3G edition IPhone on November 15
- Microsoft admits Vista user account controls a function to have a problem
- Network game develops business to become visitor of the 6th aerospace
- HP chip of Nvidia of trouble of 38 table engine exposing to the sun is chief culprit
- Hollywood sues RealNetworks execute one as a warning to others
- Two men download bawdy information to be trafficced through the mobile phone seek profit to be detained
- The safety that browse is become suffer from 360 push ” privacy is browsed ” mode
