70% of Microsoft security vulnerabilities stem from memory errors
At the BlueHat security conference in Israel over the weekend, a Microsoft engineer revealed that memory errors account for about 70% of the security patches Microsoft has released over the past 12 years.
Memory safety is the term for applications accessing operating system memory in accordance with the system's rules, without causing errors. When software, inadvertently or intentionally, accesses system memory beyond the addresses it was given or beyond the allowed limits, security vulnerabilities result.
The reason is that the majority of Windows source code is written in C and C++. Both languages let programmers control memory addresses directly, so they are considered "memory-unsafe". A small mistake in a programmer's memory management code can lead to a series of memory safety errors. Attackers can exploit these errors to execute code remotely or gain elevated privileges, with dangerous consequences.
At present, memory errors are among the weaknesses attackers exploit most. The most popular vulnerabilities include heap corruption (corruption of heap memory) and use-after-free (allowing attackers to strike after users interact with malware).
Chart: the number of vulnerabilities not related to memory safety (light blue) compared with the number of memory-related vulnerabilities (dark green), by year patched (horizontal axis).
Memory safety vulnerabilities include:
- Buffer overflow.
- Race condition - too many threads accessing the same data or resources.
- Page fault - memory page error.
- Null pointer - empty (null) pointer.
- Stack exhaustion - depletion of stack memory.
- Heap exhaustion / corruption - depletion or corruption of heap memory.
- Use after free or double free - allows remote code execution if users interact with malicious content.
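Two of the classes listed above, buffer overflow and use after free / double free, as an added C example (not code from Microsoft or from this article): the unsafe pattern is described in the comments and the checked form is the code. The `msg_buf` type and the `msg_*` function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical buffer type for this example. Invariant: len <= cap. */
typedef struct {
    char  *data;  /* heap allocation, NULL once released */
    size_t cap;   /* bytes allocated */
    size_t len;   /* bytes in use */
} msg_buf;

/* Allocate cap bytes; returns 0 on success, -1 on failure. */
int msg_init(msg_buf *m, size_t cap) {
    m->data = cap ? malloc(cap) : NULL;
    m->cap  = m->data ? cap : 0;
    m->len  = 0;
    return m->data ? 0 : -1;
}

/* Unsafe pattern (buffer overflow): memcpy(m->data + m->len, src, n)
 * without checking that n fits in the space that is left.
 * Checked form: compare n against the remaining space. Writing the test
 * as n > cap - len (not len + n > cap) also avoids size_t wrap-around. */
int msg_append(msg_buf *m, const void *src, size_t n) {
    if (m->data == NULL || src == NULL) return -1;  /* released or no source */
    if (n > m->cap - m->len) return -1;             /* would overflow */
    memcpy(m->data + m->len, src, n);
    m->len += n;
    return 0;
}

/* Unsafe pattern (use after free / double free): free(m->data) while the
 * stale pointer stays in the struct. Clearing it makes a later append fail
 * cleanly and a second release a no-op, because free(NULL) is defined. */
void msg_release(msg_buf *m) {
    free(m->data);
    m->data = NULL;
    m->cap = m->len = 0;
}

int main(void) {
    msg_buf m;
    if (msg_init(&m, 8) != 0) return 1;
    int full = msg_append(&m, "12345678", 8);  /* fits exactly */
    int over = msg_append(&m, "9", 1);         /* rejected, buffer is full */
    msg_release(&m);
    msg_release(&m);                           /* harmless second release */
    return (full == 0 && over == -1 && msg_append(&m, "x", 1) == -1) ? 0 : 1;
}
```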