Title of invention |
Identifying exploitation of vulnerabilities using error report |
Abstract |
A tool and method examine error report information from a computer to determine not only whether a virus or other malware may be present on the computer but also may determine what vulnerability a particular exploit was attempting to use to subvert security mechanism to install the virus. A system monitor may collect both error reports and information about the error report, such as geographic location, hardware configuration, and software/operating system version information to build a profile of the spread of an attack and to be able to issue notifications related to increased data collection for errors, including crashes related to suspected services under attack. |
Publication number |
US8745703(B2) |
Publication date |
2014.06.03 |
Application number |
US20080144694 |
Filing date |
2008.06.24 |
Applicant |
Microsoft Corporation |
Inventors |
Lambert John J.;Thomlinson Matthew W.;Lucas Alexander R. G.;Kelly James P.;Carter David S.;Diver Matthew I.;Crowe Emma L. |
Classification number |
G06F21/00 |
Main classification number |
G06F21/00 |
Agency |
|
Agent |
|
Main claim |
1. A computer-implemented method of computer forensics to determine whether an error report contains evidence of an attempted exploit, the method comprising:
obtaining the error report generated by a computing system and including error data related to one or more errors within the computing system;
scanning, with a computer processor, the error report for a memory pattern indicative of an unsuccessful attempt to subvert a security mechanism of the computing system;
scanning, with the computer processor, the error report for exception information indicative of a point of attack within the computing system of the unsuccessful attempt to subvert the security mechanism; and
recording, with the computer processor, forensic data associated with a result of any of the scanning steps onto a computer-readable storage medium.
|
Address |
Redmond WA US |