[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 26 February, 2004, 10:54 GMT
Hackers piggyback on Windows patches
By Mark Ward
BBC News Online technology correspondent

Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts.

Exploits get written once patches appear
Instead of working it out for themselves, malicious hackers are reverse engineering the patches to better understand the vulnerabilities, said David Aucsmith, who is in charge of technology at Microsoft's security business and technology unit.

In a keynote speech to the E-Crime Congress organised by Britain's National Hi-Tech Crime Unit, Mr Aucsmith said the tools that hackers were producing were getting better and shrinking the time between patches being issued and exploits being widely known.

"We have never had vulnerabilities exploited before the patch was known," he said.

Tools of choice

A good example of this phenomenon, he said, was the recent ASN1 "critical vulnerability" that Microsoft produced a patch for in early February.

The vulnerability was discovered by Eeye Digital Security in July 2003 but no exploits were produced until three days after Microsoft's patch became available.

"Many people reverse engineer the patch and then build the exploit code," said Mr Aucsmith.

Malicious hackers were greatly aided by improvements in tools that did a better job of working out what patches did.

Close-up of watch, BBC
Firms have less time to react to vulnerabilities
He said tools were available that compared patched and unpatched versions of Windows to help vandals and criminals work out what was different.

"The guys who write the tools would not consider themselves to be criminals by any measure," he said, "but the tools are also being picked up by people with criminal intent."

Mr Aucsmith said he could only think of one instance when a vulnerability was exploited before a patch was available.

"It's a myth that hackers find the holes," said Nigel Beighton, who runs a research project for security firm Symantec that attempts to predict which vulnerabilities will be exploited next.

He said in many cases the appearance of a patch was the spur that kicked off activity around a particular vulnerability.

Many different malicious hackers and hacking groups competed to see who could be the first to produce a virus or other program that could work with the known hole, he said.

Mr Aucsmith urged companies to keep up with patches because the time they had to react before hackers released exploits was shrinking.

Newer operating systems were also more secure than older programs such as Windows 95 which, when it was first released, had no security features in it at all.

"Almost all attacks against our software are against the legacy systems," he said.

"If you want more secure software, upgrade."

'Protect PCs' Microsoft users told
11 Feb 04  |  Technology
Cracking the hacker underground
14 Nov 03  |  Technology
Hacker hit parade goes live
05 Aug 03  |  Technology
Closing the holes on hackers
03 May 03  |  Technology
Microsoft fixes 'phishing' flaw
03 Feb 04  |  Technology
Fighting viruses on the frontline
22 Aug 03  |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific