Automatic Patch-Based Exploit Generation Attackers can simply wait for a patch to be released, use these techniques, and with reasonable chance, produce a working exploit within seconds. Coupled with a worm, all vulnerable hosts could be compromised before most are even aware a patch is available, let alone download it. Thus, Microsoft should redesign Windows Update. We propose solutions which prevent several possible schemes, some of which could be done with existing technology. in Public bookmarkswith automaticexploitgenerationhackinfosecmicrosoftpatchsecurityupdatewindowsworm
Edited 10/18/2004: This blog has gained far more attention than I could have ever imagined when I decided to create a small personal blog devoted to security incident response. I never imagined my first ever post would be as controversial or as widely in Public bookmarkswith bloghensinginfosecpasswordsphrasesrobertsecuritywindows