Comments on: Patch Window Shrinking - Semi-Automated Reverse Engineering

By: Jinesh Doshi

Jinesh Doshi — Wed, 21 May 2008 11:29:16 +0000

Is there any method to decompile a windows dll? I need to understand one method call.

By: Catch_twotwo

Catch_twotwo — Thu, 08 May 2008 19:07:43 +0000

The issue of delaying patches in order to test them has always been a big issue. I used to be charged with testing the patches prior to deployment to our servers across Europe. There was always the issue of speed vs. quality.

One possible protection while you test the patches is a good updated Intrusion Protection System (not just detection). Something like Snort in-line with the Emerging Threats ruleset to cover the latest things, or Tipping Point who seem to pay for the honour of having a up to date ruleset.

By: Bogwitch

Bogwitch — Wed, 07 May 2008 18:25:22 +0000

I see the problem as twofold. First, it is becoming more and more essential to deploy patches in a timely manner. Second, it is vitally important to ensure patches do not disrupt business. The situation has been seen before where patches have caused considerable issues with company infrastructures. This is not limited to Microsoft patches, anti-virus software has been seen to produce similar problems.

http://www.informationweek.com/news/management/showArticle.jhtml?articleID=181503325

So, the risks to systems increase as managers decide whether to deploy patches untested or to leave systems vulnerable until the patches have been thoroughly checked.

By: Reticent

Reticent — Tue, 06 May 2008 21:51:40 +0000

People need to be more aware of what the exploit is and how the affected system is vunerable. Many of these exploits require a particular port to be open, a service enabled, or an application installed. Many can also be rectified by good firewall ingress/egress policies. Sign up to a few security advisory services and learn how to be secure before patches are installed.