Friday, January 06, 2006
WMF patches and Liveshield
One of the most interesting aspects of the recent WMF drive-by attacks is that an 'unofficial' patch was created for the vulnerability, alongside some workarounds from Microsoft. The unofficial patch is a one-off example of a capability that we have in Determina's VPS, called 'LiveShield'. For some vulnerabilities (we didn't need it in this case), we generate a similar out-of-band patch that goes after the root cause of the vulnerability.
There are several critical differences in what was done by Ilfak and what LiveShield does on a regular basis:
- We've got a delivery mechanism that gets this out to all of your machines in a secure fashion
- It's not a one-off event
- It doesn't require extra configuration or a reboot of your computer to take effect. This is really important for servers.
- It doesn't have to be undone when you get the patch from the vendor. Here's an example of a message sent out by a patch management vendor last night:
"If you have un-registered the shimgvw.dll files as a temporary workaround for this vulnerability, or you’ve installed a third-party patch to address the WMF vulnerability, xxx recommends deploying the Microsoft MS06-001 patch, reboot, then re-register the .dll files and/or uninstall the third-party patch."
With our LiveShields, you wouldn't have to do any of this to deploy the patch. It just happens automatically based upon our core matching technology.