| 发明名称 |
Prevention of exploitation of update rollback |
| 摘要 |
The exploitation of rolling back a system configuration to a previous system configuration is prevented by querying the update status of the system and comparing the received response with an expected response. If the comparison indicates that the update version of the system is older than the expected update version, the system is determined to have been rolled back. Accordingly, appropriate action is taken, such as sending a warning to the system, stopping the system from operating, disabling selected features, disconnecting the system from a network, banning the system from future connections to the network, and/or installing an update. The query can include a request for update version numbers of updates, times when updates were applied, predetermined questions, and an indication of the system (e.g., machine serial number, unique ID value). |
| 申请公布号 |
US8756694(B2) |
申请公布日期 |
2014.06.17 |
| 申请号 |
US200711731817 |
申请日期 |
2007.03.30 |
| 申请人 |
Microsoft Corporation |
发明人 |
Plante Stephane G.;Poulos Adam Gabriel |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
Webster Bryan;Sanders Andrew;Minhas Micky |
| 主权项 |
1. A method comprising:
providing a query for software update status information, an intended recipient of the provided query being a device; receiving, by a processor in a security gateway, a response to the query, wherein the response is indicative of a current software update status of a device; comparing, via the processor, the received response with an expected response using software update status information stored in the security gateway; and if a result of the comparing indicates that the current software update status is older than an expected software update status, concluding that a roll back has occurred in the device.
|
| 地址 |
Redmond WA US |
