This trend seems to have started with Ilfak Guilfanov, the
Chapter 19: Closing the Holes: Mitigation
495
PART IV
Figure 19-6
printf stack
layout 2
author of IDA Pro, who released a patch for the WindowsWMFexploit in late December
2005. It is not surprising that Microsoft recommended against using this third-party
patch. What was surprising was the endorsement of the patch by the SANS Internet
Storm Center. With such contradictory information, what is the average computer user
going to do? This is a difficult question that must be resolved if the idea of third-party
patching is ever to become widely accepted. Nonetheless, in the wake of the WMF
exploit, additional third-party patches have been released for more recent vulnerabilities.
We have also seen the formation of a group of security professionals into the selfproclaimed
Zeroday Emergency Response Team (ZERT), whose goal is the rapid development
of patches in the wake of public vulnerability disclosures. Finally, in response to
one of the recent bug-a-day efforts dubbed the ???Month of Apple Bugs,??? former Apple
developer Landon Fuller ran his own parallel effort, the ???Month of Apple Fixes.??? The net
result for end-users, sidestepping the question of how a third party can develop a patch
faster than an application vendor, is that, in some instances, patches for known vulnerabilities
may be available long before application vendors release official patches.
Pages:
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871