Observation from Microsoft Zero-Day Vulnerability Examples

Authors

  • Nathaniel Evans
  • Xiaohong Yuan
Abstract

Zero-Day vulnerabilities are an intriguing and ever-increasing problem. Microsoft has been one of the more exploited companies having Zero-Day vulnerabilities. This paper intends to identify some relationships within the Zero-Day vulnerabilities identified in nineteen news articles from 2010. We tried to collect data on vulnerability report date, attack report date, vulnerability patch date, vulnerability life cycle category, exploit implemented, Microsoft product affected, and affected functionality. Based on this data, we analyzed the duration between vulnerability notification and attack dates, the distribution of different vulnerability life cycle categories, the most common Microsoft product affected, and the most common exploitation technique used. Our data shows that Potential for Attack (POA) is the most common vulnerability life cycle category, Windows XP SP3 is the most affected system, and the most common exploitation technique is by finding Back/Trap doors.

Similar resources

Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities

Discovering vulnerabilities in operating system (OS) kernels and patching them is crucial for OS security. However, there is a lack of effective kernel vulnerability detection tools, especially for closed-source OSes such as Microsoft Windows. In this paper, we present Digtool, an effective, binary-code-only, kernel vulnerability detection framework. Built atop a virtualization monitor we desig...

"Patch on Demand" Saves Even More Time?

In the June 2004 Security column ("A Patch in Nine Saves Time?" pp. 82-83), Bill Arbaugh makes two interesting observations: first, whoever has the tightest observe-orient-decide-act (OODA) loop will prevail in a confrontation; second, the infection rates of recent worms suggest that the good guys are losing the battle. Arbaugh offers some sensible suggestions to vendors and security profess...

Pattern Mining for Future Attacks

Malware writers are constantly looking for new vulnerabilities in popular software applications to exploit for profit, and discovering such a flaw is literally equivalent to finding a gold mine. When a completely new vulnerability is found, and turned into what are called Zero Day attacks, they can often be critical and lead to data loss or breach of privacy. Zero Day vulnerabilities, by their ...

The U.S. Vulnerabilities Equities Process: An Economic Perspective

The U.S. Vulnerabilities Equities Process (VEP) is used by the government to decide whether to retain or disclose zero day vulnerabilities that the government possesses. There are costs and benefits to both actions: disclosing the vulnerability allows the vulnerability to be patched and systems to be made more secure, while retaining the vulnerability allows the government to conduct intell...

Patrol: Revealing Zero-Day Attack Paths through Network-Wide System Object Dependencies

Abstract. Identifying attack paths in enterprise network is strategically necessary and critical for security defense. However, there have been insufficient efforts in studying how to identify an attack path that goes through unknown security holes. In this paper, we define such attack paths as zero-day attack paths, and propose a prototype system named Patrol to identify them at runtime. Using ...

Publication date: 2011