Injecting Trojans Via Patch Management Software & Other Evil Deeds

Presented at Blackhat Europe 2005 by

Patch management is an essential part of the systems security management lifecycle, which has led to a proliferation of patch management products, vendors and methodologies. It is important to acknowledge that there will always be a window of vulnerability between the time a new vulnerability is discovered and the time the patch is available. This talk will take a vendor- and technology-neutral look at the process used to retrieve, validate and deploy patches in a Microsoft Windows environment. It will point out ways that a less-than-honorable person could abuse these processes and use the very tools used to protect systems as a window to compromise them. In addition to various attack scenarios from both an external (Internet) and internal (Local LAN) point of view, the presenter will offer supporting research and deconstruct a proof-of-concept patch, designed to fool certain patch management systems.