Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Apr 3, 2014
By: Jon Erickson
Microsoft has often used Fix It patches, which are a subset of Application Compatibility Fixes, as a way to stop newly identified active exploitation methods against their products. A common Fix It patch type used to prevent exploitation is the previously undocumented In Memory Fix It. This research first focuses on analyzing these in-memory patches. By extracting information from them researchers are able to better understand the vulnerabilities that Microsoft intended to patch. The research then focuses on reverse engineering the patches and using this information to provide the ability to create patches which can be used to maintain persistence on a system.