Researchers at vulnerability management vendor Qualys Inc. this week discovered how to reverse engineer a Microsoft patch to perform a denial-of-service attack on the Windows DNS server.
The researchers reverse-engineered one of the critical patches that Microsoft released in its August Patch Tuesday round of security updates. Update 11-058 resolves two vulnerabilities in Windows DNS.
The research contradicts Microsoft's Exploitability Index, which gives this update a 3, meaning that code exploiting this flaw is unlikely to appear. Specialists use the index to weigh the priority of patch application. Qualys said the attack can be performed through a step-by-step process.
"We reverse-engineered the patch for a better understanding of the mechanism of the vulnerability and found that the vulnerability can be activated with a few simple steps," Bharat Jogi, a security vulnerability engineer at Qualys, explained in a blog post.
Although this proof of concept demonstrates a denial of service, Jogi explains that "an attacker who has successfully exploited this vulnerability could execute arbitrary code in the system context" and those "with malicious intent might be able to achieve reliable code execution."
Qualys took advantage of one of two patches that were rated as critical. This particular patch fixes two flaws in the Windows DNS server while the other fixes seven flaws in Internet Explorer.
Qualys researchers compared the patched and unpatched versions of the files at the binary level to understand the changes made to fix the vulnerabilities. The binary comparison tool, called TurboDiff, showed Jogi "a list of all functions that are identical, changed, mismatched, and those that look suspicious," he said.
The proof of concept used two DNS servers, which let the researchers 'hang' one of them and use the other as a comparison. The researchers found the process particularly simple, needing only a few steps to activate the vulnerability. They therefore recommend that you "apply this security update as soon as possible."
Translation: Raul Batista - Segu-info
Author: Hillary O'Rourke
Source: Security Bytes - IT Knowledge Exchange

