Qualys says hackers could reverse-engineer Microsoft patches to create DoS attacks
The security company Qualys this week demonstrated how to reverse-engineer a Microsoft patch in order to launch a denial-of-service attack on Windows DNS Server.
The proof-of-concept shows the steps hackers could take to attack Windows and highlights the importance of deploying Microsoft patches as soon as possible after their monthly Patch Tuesday release. The patch that Qualys used closed two holes in Windows DNS Server and was rated critical, Microsoft's most severe security rating. Microsoft said it did not expect the vulnerability to be exploited by attackers this month, but the Qualys proof-of-concept shows such exploits would be possible.
"We reverse engineered the patch to get a better understanding of the mechanism of the vulnerability and found this vulnerability can be triggered with a few easy steps," Qualys vulnerability security engineer Bharat Jogi writes in a blog post. "While the proof of concept described below demonstrates a denial of service, attackers with malicious intent may be able to get reliable code execution."