Microsoft MS08-001 Reversing

If you are yet unaware, Microsoft pushed out another couple of security updates this month and posted about it in their new “Microsoft Vulnerability Research and Defense” blog. Msoft started it a couple of weeks ago, providing lower level technical information about the vulnerabilities they are fixing.
Be sure to install MS08-001 if you haven’t already.

The first of the updates, MS08-001, provides reason for caution, because it allows for reliable exploitation. Surprisingly, we have not seen any public exploitation or even PoC just yet.
You can watch a great four minute video of MS08-001 patch analysis by the makers of Bindiff, a binary diffing tool used to uncover security vulnerabilities like this one. Grab your popcorn, bring a date, and head on over. I’ll ruin the ending for you…of the nine functions changed in the tcpip component that was patched, they examine one function that iterates a list of structures and mistakenly performs a bad comparison. They even find some overwriteable memory for successful exploit!

This entry was posted in Online Fraud. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>