Hi malware fighters
It is by now a given fact that exploits for a security hole are found almost immediately after
a critical patch is released.
Hackers know they can do this within minutes or even within seconds,
which makes patches themselves ever more of a security risk.
With the information gained in that way malcreants know the exact whereabouts
of the leak and how to abuse it.
In the past it took a couple of days before a working exploit had been made.
Now, through readily accessible tools, this process has been automated.
In this way you can wait a minute or even a couple of seconds and the exploit is there.
So malcreants that get hold of a patch at an early stage can turn it into an exploit and abuse it.
Users of the Automatic Update function have it set to run at a given time.
Patches have then already been available for a couple of hours, and that provides
ample time for malcreants to launch their attack and be successful.
In the case of Windows it takes a full 24 hours to provide 80% of Windows machines
with an update.
Researchers from Berkeley, Pittsburgh and Carnegie Mellon studied this phenomenon,
which they named “automatic patch-based exploit generation” (APEG).
http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf
“The current patch distribution system has not been designed
with the current APEG threat in mind. Our research data show that we should
start immediately to redesign the current patch distribution routines.”
The researchers involved see three possible solutions to the problem.
The first solution is to hide (obfuscate) the changes made inside the patch.
The second is to ship patches encrypted, with the roll-out taking place at a later point:
everybody would have the encrypted patch in time, and everybody could install
it at once when the key is released.
The third solution is to spread patches through P2P,
so everybody downloads them at the same time.
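To make the encrypted-patch idea concrete, here is an added example (mine, not code from the post or from the APEG paper) of a two-phase roll-out: the patch body is distributed hours early only in sealed form, and the key is published at the agreed moment so every client can open and install it at once. It uses only the Python standard library; the HMAC-SHA256 counter-mode keystream plus HMAC tag is an assumed stand-in for a real authenticated cipher such as AES-GCM, and the client model, the commitment check and the sample patch contents are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample patch body; in practice this would be the vendor's binary diff.
SAMPLE_PATCH = b"constructed sample patch: fix bounds check in parser\n"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only keystream (assumed stand-in for AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


@dataclass(frozen=True)
class SealedPatch:
    nonce: bytes
    ciphertext: bytes
    tag: bytes  # HMAC over nonce || ciphertext: tampering is detected once the key is known


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the release key (assumed KDF)."""
    return (hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest())


def seal_patch(patch: bytes, key: bytes) -> SealedPatch:
    """Vendor side, phase 1: encrypt and authenticate the patch before distribution."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(patch, _keystream(enc_key, nonce, len(patch))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return SealedPatch(nonce, ct, tag)


def open_patch(sealed: SealedPatch, key: bytes) -> bytes:
    """Client side, phase 2: verify the tag, then decrypt. Raises on any altered byte."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, sealed.nonce + sealed.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed.tag):
        raise ValueError("sealed patch was altered in transit; refusing to install")
    ks = _keystream(enc_key, sealed.nonce, len(sealed.ciphertext))
    return bytes(a ^ b for a, b in zip(sealed.ciphertext, ks))


@dataclass
class Client:
    """Constructed model of an end-user machine taking part in the roll-out."""
    name: str
    sealed: Optional[SealedPatch] = None
    installed: Optional[bytes] = None

    def receive_blob(self, sealed: SealedPatch) -> None:
        self.sealed = sealed

    def can_read_patch(self) -> bool:
        return self.installed is not None

    def install(self, key: bytes) -> None:
        self.installed = open_patch(self.sealed, key)


def simulate_rollout(patch: bytes, num_clients: int = 3) -> dict:
    """Run both phases and report what each party could see at each point."""
    key = secrets.token_bytes(32)
    sealed = seal_patch(patch, key)
    # Commitment published with the blob: clients later check they all hold the same bytes.
    commitment = hashlib.sha256(sealed.ciphertext).hexdigest()
    clients = [Client(f"client{i}") for i in range(num_clients)]

    # Phase 1 (hours ahead): everyone receives the sealed blob, nobody has the key.
    for c in clients:
        c.receive_blob(sealed)
    readable_early = any(c.can_read_patch() for c in clients)

    # Phase 2 (agreed release time): the key goes out and every client installs at once.
    for c in clients:
        if hashlib.sha256(c.sealed.ciphertext).hexdigest() != commitment:
            raise ValueError(f"{c.name} holds a blob that does not match the commitment")
        c.install(key)

    return {
        "readable_before_key_release": readable_early,
        "ciphertext_differs_from_patch": sealed.ciphertext != patch,
        "all_installed_identical_patch": all(c.installed == patch for c in clients),
    }


if __name__ == "__main__":
    print(simulate_rollout(SAMPLE_PATCH, num_clients=4))
```

The point for defenders is in the returned flags: during the hours the blob sits on client machines there is no plaintext diff for anyone to analyze, and the tag plus commitment mean a swapped or corrupted blob is rejected rather than installed. The scheme only shrinks the window, though: the key release itself is the moment the patch becomes readable to everyone, including attackers, so it has to coincide with clients actually installing.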
A reader came up with quite a different solution here:
http://isc.sans.org/diary.php?storyid=4310
polonus