Big patch day today

NutJob

Microsoft Pumps Out A Dozen Patches For 21 Flaws

NutJob

http://www.eweek.com/article2/0,1895,1976656,00.asp


Heres why to patch asap. Malware on the case in under 24 hours.

Anyone else love how quick patches get reverse engineered.

Martyr

if you wrote a disassembler for each file that is updated, which would generate a checksum of each routine, reporting differences in new against the old, in theory its not difficult to see where the patch is applied.

most routines are referenced by a call/jmp instruction.
if you look at the prolog/epilog bytes, most of the routines start with the creation of a stack frame.

push ebp
mov ebp,esp
sub esp,24

..ending with

add esp,24
leave
ret

there are loads of LDEs(length disassemblers) out there now for the x86 cpu, & freeware disassemblers/re-assembly code too.

probe

NutJob wrote:

Microsoft Pumps Out A Dozen Patches For 21 Flaws

I installed these patches on two machines (an XP and a Server 2003) the moment they came out.

The server 2003 machine (which checks for updates automatically but doesn’t install without say so) presented the same list of patches again over the weekend (i.e. those which had been installed several days earlier). I OK’d the second install assuming that perhaps either there were some further “bugfixes” on the bugfix or there was some glitch on the update process and these bugfixes would remain on the list of things to be done ad infinitum.

On the XP machine, there have been several minor issues since the patches were installed. E.g. file save error reports for Word when saving files, and when I tried to run Front Page 2003 a few minutes ago, it wouldn’t run and required me to go through the product installation routine yet again. No doubt after which the system will have to be re-patched. Bla bla bla.

While the above events may or may not be "random", now that BillG has decided to reduce his workload, perhaps it is time that Microsoft appointed a European as either CEO or Chairman with a view to bringing their product quality up to world class European standards and making the design of the organization more international and open. With the odd exception (eg GE and P&G) American product quality stinks (cars, chain stores, phone companies, health services [unless the patient has a BillG budget], aviation [bankrupt airlines and poorly designed boeing aircraft], financial services, newspapers and TV [WSJ excepted], food & beverage [sugar, fat and salt laden unhealthy junk for the most part], education services, planning, public transport infrastructure, public services and energy waste as a result, and MS regrettably is no exception to this rule!

probe

Capt'n Midnight

Average Joe wrote:

if you wrote a disassembler for each file that is updated, which would generate a checksum of each routine, reporting differences in new against the old, in theory its not difficult to see where the patch is applied.

If you just wanted to see which files had been updated you could use a CRC checker like FSUM www.slavasoft.com/fsum ( 80 KB)

c:
cd \
FSUM *.* -jnc -r >Pre.MD5

do patchy stuff

FSUM - c Pre.MD5 | Find /V "OK"

Should also be possible to do something like this on a LAN to see if you still need to patch after reapplying service packs