70% of Microsoft security vulnerabilities stem from memory errors
At the BlueHat security conference in Israel over the weekend, a Microsoft engineer revealed that, over the past 12 years, about 70% of the patches Microsoft has released fixed memory-related security errors.
Memory safety is the term used to describe applications accessing the operating system's memory in accordance with the system's instructions, without causing errors. When software (inadvertently or intentionally) accesses system memory beyond the addresses it was given, or beyond the allowed limits, the result is a security vulnerability.
The reason is that the majority of the Windows source code is written in C and C++. Both languages let programmers control memory addresses directly when their code runs, so they are considered "memory-unsafe". A single small error in the programmer's memory management code can lead to a whole series of memory safety errors. Attackers can take advantage of these errors to execute code remotely or gain elevated privileges, with dangerous consequences.
Today, memory errors are among the loopholes attackers use most. The most common vulnerabilities include heap corruption and use-after-free (allowing attackers to strike after users interact with malware).
Chart: the number of vulnerabilities not related to memory safety (light blue) compared with the number of memory-related vulnerabilities (dark green), by year patched (horizontal axis).
Memory safety vulnerabilities include:
- Buffer overflow.
- Race condition - Too many threads accessing data / resources.
- Page fault - Memory page error.
- Null pointer - Empty pointer.
- Stack exhaustion - Depletion of stack memory.
- Heap exhaustion / corruption - Depletion / corruption of heap memory.
- Use after free or double free - Allows remote code execution if users interact with malicious content.
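Two of the classes listed above, buffer overflow and use after free / double free, come down to a missing length check and a pointer that is kept after `free`. The C code below is an added example, not from the original article or from Microsoft code, showing the checked forms; `struct record`, `NAME_CAP` and the function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define NAME_CAP 16   /* constructed buffer size for this example */
struct record {
    char name[NAME_CAP];
    int  is_admin;    /* sits right after the buffer: what an overflow would clobber */
};

/* Unsafe form, shown for contrast and never called:
 *     strcpy(r->name, input);   writes past name[] when input is 16 bytes or more
 */

/* Checked copy: reject input that does not fit instead of writing past the end. */
int record_set_name(struct record *r, const char *input)
{
    size_t len;
    if (r == NULL || input == NULL)   /* null pointer guard */
        return -1;
    len = strlen(input);
    if (len >= NAME_CAP)              /* no room for input plus terminator */
        return -1;
    memcpy(r->name, input, len + 1);
    return 0;
}

/* Free through a pointer-to-pointer and clear the owner's pointer, so a later
 * use hits the NULL guard and a second release is a no-op, not a double free. */
void record_release(struct record **rp)
{
    if (rp == NULL || *rp == NULL)
        return;
    free(*rp);
    *rp = NULL;
}

/* Exercise both guards; returns 0 when each one behaved as intended. */
int demo(void)
{
    struct record *r = calloc(1, sizeof *r);
    if (r == NULL) return -1;
    if (record_set_name(r, "alice") != 0) return 1;
    if (record_set_name(r, "a-name-far-longer-than-sixteen-bytes") != -1) return 2;
    if (r->is_admin != 0 || strcmp(r->name, "alice") != 0) return 3;
    record_release(&r);
    record_release(&r);               /* second call is harmless */
    if (record_set_name(r, "bob") != -1) return 4;   /* stale use rejected */
    return 0;
}
```

Clearing the pointer only protects the one variable passed in; other copies of the same address elsewhere in a program remain dangling, which is why this class of bug persists in large C and C++ code bases.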