"The automatic patch-based exploit generation problem is: given a
program P and a patched version of the program P', automatically
generate an exploit for the potentially unknown vulnerability present
in P but fixed in P'. In this paper, we propose techniques for
automatic patch-based exploit generation, and show that our techniques
can automatically generate exploits for vulnerable programs based upon
patches provided via Windows Update.
In many cases we are able to automatically generate exploits
within minutes or less. Although our techniques may not work in all
cases, a fundamental tenet of security is to conservatively estimate
the capabilities of attackers. Thus, our results indicate that
automatic patch-based exploit generation should be considered
practical. One important security implication of our results is that
current patch distribution schemes which stagger patch distribution
over long time periods, such as Windows Update, may allow attackers who
receive the patch first to compromise the significant fraction of
vulnerable hosts who have not yet received the patch. Thus, we conclude
update schemes, such as Windows Update as currently implemented, can
detract from overall security, and should be redesigned."
Whitepaper Link: http://www.cs.cmu.edu/%7Edbrumley/pubs/apeg.pdf