Iris Classon
Iris Classon - In Love with Code

‘Stupid’ Question 8: What is Patch Tuesday and Exploit Wednesday?

[To celebrate my first year of programming I will ask a ‘stupid’ question daily on my blog for a year, to make sure I learn at least 365 new things during my second year as a developer]
Yesterday I realized to my disappointment that I was pretty much unable to remote desktop to the new server, as the results were shown with delay, and the graphics rendered were beyond crap - and that’s bad. My husband asked me if I had run any updates lately, and he he - no, I hadn’t. I had gotten quite good, and fast, at hitting the delay button - until I actually turned off the notifications. They never came at a good time. During the 100 updates being installed (yes - and we only picked out the ones I needed/wanted) we started talking about updates. I asked if the updates were sent out on a regular basis, and he said that yes, they have something called Patch Tuesday. I googled it, and learned the answer to that as well as another word.

This is my Tuesday Patch :D

Patch Tuesday: Microsoft usually releases security patches on the second Tuesday of each month; patches that are very important will be released immediately. The last update was July 10 and consisted of 9 updates correcting 16 issues (OS and software).

Imagine the big smiles on the malware authors when patches are released? Ahhh… all the things I could do… muahahah *Evil laughter*

Exploit Wednesday: Once the patches are released, evil hackers will know about the vulnerabilities, and since many people (like me – but not anymore) don’t install the updates, there’s an excellent opportunity for malware authors to exploit this. This day has also been called Day Zero. (view comment)
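To make the schedule and the gap between release and install concrete, here is an added example (not part of the original post) that works out the Patch Tuesday dates and how long a machine has been behind. The function names and the sample dates are made up for illustration, and it only counts the regular monthly releases, not the very important patches that are released immediately.

```python
from datetime import date, timedelta

TUESDAY = 1  # date.weekday(): Monday is 0


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month."""
    first = date(year, month, 1)
    # Days from the 1st to the first Tuesday (0 if the 1st is a Tuesday).
    offset = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=offset + 7)


def releases_between(last_installed: date, today: date) -> list[date]:
    """Patch Tuesdays after last_installed, up to and including today."""
    missed = []
    year, month = last_installed.year, last_installed.month
    while (year, month) <= (today.year, today.month):
        release = patch_tuesday(year, month)
        if last_installed < release <= today:
            missed.append(release)
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
    return missed


def exposure_days(last_installed: date, today: date) -> int:
    """Days since the oldest regular release that has not been installed."""
    missed = releases_between(last_installed, today)
    return (today - missed[0]).days if missed else 0


if __name__ == "__main__":
    # Constructed sample: a server last updated on 2012-03-20, checked on 2012-07-26.
    last, now = date(2012, 3, 20), date(2012, 7, 26)
    for d in releases_between(last, now):
        print("missed release:", d)
    print("days exposed:", exposure_days(last, now))
```

Every date in the missed list is a release whose fixes were public while this machine stayed unpatched, which is exactly the window the Exploit Wednesday idea is about.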

Comments

Graham
7/27/2012 12:42:15 AM
A comment on Exploit Wednesday: once the patches are out, hackers can decompile them to find out what they patch and target the (unpatched) vulnerabilities. Because people often take a while to install new patches, there's a time for which those vulnerabilities can be exploited.

Day Zero (and Zero-Day or 0day exploits) is a bit different. This refers to attacks that are produced by hackers before the patch is available or the vulnerability is even discovered by the vendor. Imagine that a patch is released on day 1, then these attacks get in before that so on day 0. It's kind of the holy grail for hackers to find and exploit 0days because then their victims don't even know there's a problem that needs fixing. 
Iris Classon
7/27/2012 12:53:02 AM
Thank you for pointing that out, now the name makes more sense :) I've added an edit to the post! 
Cosmin.Net
7/30/2012 9:48:00 AM
actually the hackers do not really decompile the patches as there would be too much work. first of all it's not so simple to decompile binary code. even if you could accomplish that it would be a lot of work to spot the vulnerability.
there is actually a simpler method. let's say you have a major hole in remote desktop and a patch appeared. let's say that the vulnerable version allows you to login with some universal password because a programmer used that and forgot to remove it. the bulletin does not say what password but it's enough to have some hints like to know that there IS a magic password. you then start doing some decompile/diff on the before and after files and chances are that you will get the magic password within the differing areas. of course this is an overly simplistic view but you get an idea of how it works.


Last modified on 2012-07-26
