
Risk

3/23/2009 03:03 PM

Microsoft Offers Free Tool For ID'ing Most Risky Bugs In Windows Applications

New !exploitable Crash Analyzer helps developers focus on vulnerabilities most open to abuse

Microsoft is offering a free, open-source tool for developers that automates the discovery of application vulnerabilities that could be exploited by the bad guys. The new !exploitable (pronounced "bang exploitable") Crash Analyzer is an add-on to Microsoft's Windows debugger fuzzing tool.

Members of Microsoft's Security Science team released the tool on Friday at the CanSecWest security conference in Toronto. !exploitable sorts out whether bugs that cause crashes during development and testing have security implications, and whether an attacker could exploit them.

"The problem with fuzzers is that they find too many bugs -- not just the exploitable ones," says HD Moore, creator of the popular Metasploit hacking tool and director of security for BreakingPoint Systems. "It seems like a great way to focus on the bugs which look promising, in a way that is less susceptible to human error. It would be a great first test for any new crash, and allows the researchers to focus only on the bugs that have a good chance of being exploited."

!exploitable is Microsoft's latest freebie tool for developers. The software giant in September released a free Threat Modeling Tool as part of its effort to open up its internal Security Development Lifecycle (SDL) framework to third-party application developers and customers in the spirit of promoting more secure software. At the time, Steve Lipner, Microsoft's senior director of security engineering strategy for the Trustworthy Computing Group, said Microsoft would continue to promote the development of secure software in the industry.

In August 2008, Microsoft announced it would share its vulnerability research findings with third-party developers for Windows and help them fix flaws in their software.

!exploitable handles crash analysis for developers and testers, which traditionally had been the domain of a security expert, according to Microsoft. It identifies the actual issues that cause an application to crash. Microsoft expects third-party developers and testers, as well as security researchers, to use its tool.

Developers typically are faced with numerous bugs during the development process; Microsoft's !exploitable tool sorts out the truly dangerous ones for them. Metasploit's Moore, who hopes to get a chance to test the tool soon, says researchers who have used it so far have reported that the tool "errs on the side of 'exploitable,'" so it's "not too accurate yet."

He also notes that !exploitable could be used in tandem with the Metasploit-related Windows-native debugging tool called Byakugan. "The Microsoft plug-in tries to determine whether something is exploitable based on the exception, and the Metasploit one tries to help you write the actual exploit," Moore says. "So theoretically you would start off with !exploitable, and then load Byakugan to write the [exploit] module."
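The exception-driven triage Moore describes can be illustrated with a small crash-classification script (an added example, not Microsoft's tool or its code): each crash record is rated from its exception type and access pattern using a simplified approximation of the published !exploitable buckets, and repeat hits of the same bug are collapsed by hashing the top stack frames. The `Crash` fields, the rules and the sample records are constructed for this example.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Crash:
    exception: str          # e.g. "ACCESS_VIOLATION", "STACK_BUFFER_OVERRUN"
    access: str = ""        # "read", "write" or "exec" for access violations
    fault_addr: int = 0     # address that faulted
    frames: list = field(default_factory=list)  # call stack, innermost first

# Rating buckets, worst first; names follow !exploitable's categories.
ORDER = ["EXPLOITABLE", "PROBABLY_EXPLOITABLE", "UNKNOWN", "PROBABLY_NOT_EXPLOITABLE"]

def rate(crash: Crash) -> str:
    """Rate a crash from its exception record alone. These rules are a
    simplified approximation of the tool's heuristics (assumption)."""
    if crash.exception in ("STACK_BUFFER_OVERRUN", "ILLEGAL_INSTRUCTION"):
        return "EXPLOITABLE"            # /GS cookie tripped, or execution left valid code
    if crash.exception == "ACCESS_VIOLATION":
        if crash.access in ("write", "exec"):
            return "EXPLOITABLE"        # a steerable store or control-flow transfer
        if crash.fault_addr < 0x10000:
            return "PROBABLY_NOT_EXPLOITABLE"  # read near NULL: ordinary null deref
        return "UNKNOWN"                # read AV elsewhere: needs a human look
    if crash.exception in ("INT_DIVIDE_BY_ZERO", "BREAKPOINT"):
        return "PROBABLY_NOT_EXPLOITABLE"
    return "UNKNOWN"

def crash_hash(crash: Crash, depth: int = 5) -> str:
    """Hash of the top frame names, so one bug hit by many fuzz inputs counts once."""
    return hashlib.sha1("|".join(crash.frames[:depth]).encode()).hexdigest()[:16]

def triage(crashes):
    """Collapse duplicates; return (hash, rating, crash) tuples, worst first."""
    buckets = {}
    for c in crashes:
        h, r = crash_hash(c), rate(c)
        if h not in buckets or ORDER.index(r) < ORDER.index(buckets[h][0]):
            buckets[h] = (r, c)
    return sorted(((h, r, c) for h, (r, c) in buckets.items()),
                  key=lambda t: ORDER.index(t[1]))

# Constructed sample: two hits of one write AV, a null-page read, a divide by zero.
SAMPLE = [
    Crash("ACCESS_VIOLATION", "write", 0x41414141, ["memcpy", "parse_chunk", "main"]),
    Crash("ACCESS_VIOLATION", "write", 0x42424242, ["memcpy", "parse_chunk", "main"]),
    Crash("ACCESS_VIOLATION", "read", 0x10, ["strlen", "get_name", "main"]),
    Crash("INT_DIVIDE_BY_ZERO", frames=["scale", "render", "main"]),
]
```

Running `triage(SAMPLE)` yields three buckets, with the write access violation rated EXPLOITABLE at the top; note that, as Moore warns of the real tool, the read-AV fallback to UNKNOWN still leaves a human to decide.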


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
