Open mpeck12 opened 7 years ago
Threat Category: Stack, but probably applies to almost all the other categories too. Suggested by industry participants at workshop
Threat: Reverse engineering of published patches to find vulnerabilities
Threat Origin: https://www.schneier.com/blog/archives/2008/04/reverseengineer.html http://www.computerworld.com/article/2489256/malware-vulnerabilities/hackers-now-crave-patches--and-microsoft-s-giving-them-just-what-they-want.html
Exploit Example:
CVE Example:
Possible Countermeasures: Same Countermeasures as STA-0 - e.g. to ensure that patches are promptly installed
References: See Threat Origin above.
New Threat
Threat Category: Stack, but probably applies to almost all the other categories too. Suggested by industry participants at workshop
Threat: Reverse engineering of published patches to find vulnerabilities
Threat Origin: https://www.schneier.com/blog/archives/2008/04/reverseengineer.html http://www.computerworld.com/article/2489256/malware-vulnerabilities/hackers-now-crave-patches--and-microsoft-s-giving-them-just-what-they-want.html
Exploit Example:
CVE Example:
Possible Countermeasures: Same Countermeasures as STA-0 - e.g. to ensure that patches are promptly installed
References: See Threat Origin above.