It sounds like the sysadmins’ worst dream: Microsoft publishes a patch addressing a current problem and just a couple of hours later the world has to face tons of attacks regarding this issue.
Before we disconnect the network and run around in panic, let’s have a look at the facts. In my opinion it’s just a matter of time if that theory comes true. But first of all, let’s do some theoretical brainwork about that topic:
A patch gets published – let’s say it’s published at the common microsoft patch day. Our attacker is one of the first ones, grabbing it. The patch modifies some files on our box to fix some things. Our attacker could backup his test windows, apply the patches and check for modified files.
As the attacker now knows the changed files, it is possible to do some more analysis work on them, like reverse engineering. In fact it would narrow the search and maybe save some time.
It’s nothing new that malware is around. It’s not even new, that some people will always try to break in our PCs. It’s just a matter of timing as it can take quite some time until a patch really gets applied. Imagine a bigger company where you cannot just reboot a machine – in other words, there are plenty of vulnerable victims around./lang_en]
Ed Wiget says:
This really isn’t a sysadmins nightmare, its a daily problem – just have a look at bugtraq. Not only that, it is not a recent problem or a new problem. Just look at how many times an exploit has appeared and took microsoft days or weeks to fix it (nimbda, code red, etc) while companies mercifully awaited a patch….and hurried to find a temporary work around.
I literally ran myself out of business offering a solution to MS problems – which were Gentoo Linux border routers and critical servers. When you lose business from offering a better product with better reliability, it makes you rethink your business practices….today I encourage everyone to use windows while I secretly use and develop on Linux.