Probing Patches: Beyond Microsoft’s ANS

Presented at BSidesSF 2015, April 20, 2015, 3 p.m. (60 minutes).

Patch analysis is the process of examining the difference in vendor supplied binaries incrementally across security updates. Unfortunately, this technique remains less used (at least publically) as a means for understanding vulnerabilities and measuring risk. We aim to provide some exposure to patch analysis by way of examining the process of performing a binary diff against a recent Microsoft CVE. We further aim to demonstrate the utility of fuzzing during the patch diffing process.

Presenters:

• bill finlayson
  Bio - Bill Finlayson is a Senior Security Researcher with BeyondTrust. Bill focuses on vulnerability research and discovery, reverse engineering, and is part of the development team of Retina - a well-known vulnerability assessment solution.

Links:

• https://bsidessf2015.sched.com/event/2txJ/probing-patches-beyond-microsofts-ans

Similar Presentations:

• DEF CON 18 (2010) / ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically
• Black Hat USA 2010 / ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically
• REcon 2023 / Patch Diffing In The Dark