Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Microsoft: 70 percent of all security bugs are memory safety issues

February 11, 2019
in Internet Security
Microsoft: 70 percent of all security bugs are memory safety issues
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Matt Miller

Around 70 percent of all the vulnerabilities in Microsoft products addressed through a security update each year are memory safety issues; a Microsoft engineer revealed last week at a security conference.

Memory safety is a term used by software and security engineers to describe applications that access the operating system’s memory in a way that doesn’t cause errors.

You might also like

SolarWinds security fiasco may have started with simple password blunders

Singapore eyes more cameras, technology to boost law enforcement

Free cybersecurity tool aims to help smaller businesses stay safer online

Memory safety bugs happen when software, accidentally or intentionally, accesses system memory in a way that exceeds its allocated size and memory addresses.

Users who often read vulnerability reports come across terms over and over again. Terms like buffer overflow, race condition, page fault, null pointer, stack exhaustion, heap exhaustion/corruption, use after free, or double free –all describe memory safety vulnerabilities.

Speaking at the BlueHat security conference in Israel last week, Microsoft security engineer Matt Miller said that over the last 12 years, around 70 percent of all Microsoft patches were fixes for memory safety bugs.

The reason for this high percentage is because Windows has been written mostly in C and C++, two “memory-unsafe” programming languages that allow developers fine-grained control of the memory addresses where their code can be executed. One slip-up in the developers’ memory management code can lead to a slew of memory safety errors that attackers can exploit with dangerous and intrusive consequences –such as remote code execution or elevation of privilege flaws.

Memory safety errors are today’s biggest attack surface for hackers, and attackers appear to be capitalizing on their availability. According to Miller’s presentation, use after free and heap corruption vulnerabilities continue to be the preferred bugs when attackers are developing exploits.

Microsoft memory safety bug exploited trends

Image: Matt Miller
Microsoft memory safety bug root causes

Image: Matt Miller

Furthermore, as Microsoft has patched most of the basic memory safety bugs, attackers and bug hunters have also stepped up their game, moving from basic memory errors that spew code into adjacent memory to more complex exploits that run code at desired memory addresses, ideal for targeting others apps and processes running on the system.

Microsoft memory safety adjacency

Image: Matt Miller

Related security coverage:

Credit: Source link

Previous Post

First Android Clipboard Hijacking Crypto Malware Found On Google Play Store

Next Post

Gain Marketing Intelligence About Your Competition

Related Posts

SolarWinds security fiasco may have started with simple password blunders
Internet Security

SolarWinds security fiasco may have started with simple password blunders

March 2, 2021
Singapore eyes more cameras, technology to boost law enforcement
Internet Security

Singapore eyes more cameras, technology to boost law enforcement

March 2, 2021
Free cybersecurity tool aims to help smaller businesses stay safer online
Internet Security

Free cybersecurity tool aims to help smaller businesses stay safer online

March 2, 2021
Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit
Internet Security

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

March 1, 2021
These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Next Post
Gain Marketing Intelligence About Your Competition

Gain Marketing Intelligence About Your Competition

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

SolarWinds security fiasco may have started with simple password blunders
Internet Security

SolarWinds security fiasco may have started with simple password blunders

March 2, 2021
Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions
Internet Privacy

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

March 2, 2021
Importance of Data Science in Modern Age
Data Science

Importance of Data Science in Modern Age

March 2, 2021
Ask the Expert: What’s New in Azure Machine Learning | Ask the Expert
Machine Learning

Ask the Expert: What’s New in Azure Machine Learning | Ask the Expert

March 2, 2021
Can India beat the global AI challenge? Can we avoid huge job extinction here? | by Yogesh Chauhan | Jan, 2021
Neural Networks

Can India beat the global AI challenge? Can we avoid huge job extinction here? | by Yogesh Chauhan | Jan, 2021

March 2, 2021
Singapore eyes more cameras, technology to boost law enforcement
Internet Security

Singapore eyes more cameras, technology to boost law enforcement

March 2, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • SolarWinds security fiasco may have started with simple password blunders March 2, 2021
  • Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions March 2, 2021
  • Importance of Data Science in Modern Age March 2, 2021
  • Ask the Expert: What’s New in Azure Machine Learning | Ask the Expert March 2, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates