It sounds like a sysadmin's worst nightmare: Microsoft publishes a patch addressing a current problem, and just a couple of hours later the world has to face tons of attacks exploiting that very issue.
Before we disconnect the network and run around in panic, let's have a look at the facts. In my opinion it's just a matter of time until that theory comes true. But first of all, let's do some theoretical brainwork on the topic:
A patch gets published – let's say it's published on the regular Microsoft patch day. Our attacker is one of the first to grab it. The patch modifies some files on our box to fix some things. Our attacker could back up his test Windows installation, apply the patches and check for modified files.
As the attacker now knows the changed files, it is possible to do some more analysis work on them, like reverse engineering. In fact it would narrow the search and maybe save some time.
It's nothing new that malware is around. It's not even new that some people will always try to break into our PCs. It's just a matter of timing, as it can take quite some time until a patch really gets applied. Imagine a bigger company where you cannot just reboot a machine – in other words, there are plenty of vulnerable victims around.