Microsoft to Release !exploitable Crash Analyzer as an Open Source Tool and more …
On Friday, March 20, Microsoft’s Security Science team will release the!exploitable Crash Analyzer tool as an open source tool on CodePlex at CanSecWest in Vancouver, British Columbia. The tool will be available as a free download on the Microsoft Security Engineering Center (MSEC) Web site, http://www.microsoft.com/security/msec, later that day.
!exploitable Crash Analyzer is a Windows Debugger extension that determines the uniqueness of crashes produced during development and testing, identifying those that have security implications and how exploitable they are. For more information, including a fact sheet on the tool, please visit Press Pass, http://www.microsoft.com/presspass/newsroom/security/default.mspx.
The Security Science group is part of Microsoft’s Trustworthy Computing organization, focused on protecting its customers and the industry by improving the security of Microsoft products, services and platforms through applied security research. This group of elite researchers and developers tracks and provides early warnings for new exploits, develops more effective ways to find vulnerabilities, and using its internal research, integrates innovative exploit mitigation techniques and tools to Microsoft products and in some cases, shares those tools with the broader industry.
Additionally, Trustworthy Computing will give two other presentations at the event focused on the Security Science team’s exploit mitigations, how they have been employed, why they were chosen, and how Microsoft systematically thinks about mitigations coverage.
About Enhanced GS
Enhanced GS is a mitigation designed to make it harder to exploit security vulnerabilities when they occur.
/GS (pronounced “slash GS”) is the current buffer security check feature of the Microsoft Visual Studio C++ compiler. It detects common classes of buffer overruns by injecting security checks into code compiled with this feature. Enhanced GS is the enhanced version of /GS that improves stack buffer overflow mitigation by analyzing and helping protect more functions.
Enhanced GS does deeper function analysis than /GS. Enhanced GS more accurately identifies potential hazards, thus making vulnerabilities more difficult to exploit when they occur. This enhancement enables protection to be deployed in the right places and reduces redundant protections.
Tool Release
Microsoft Corp. plans to release Enhanced GS to developers in Visual Studio 2010. In addition, Enhanced GS will be included in the Security Development Lifecycle after it is released with Visual Studio 2010.
Given that Enhanced GS is an update of the current compiler, anyone who receives the compiler update will get the new version, Enhanced GS.
Benefits
Microsoft and third-party developers will use this built-in mitigation whenever they use Visual Studio 2010. Customers will benefit from more secure products. Products built with the new Enhanced GS will be less vulnerable to buffer overflows as there will be fewer exploitable stack overflow vulnerabilities.
Microsoft plans to release this mitigation with Visual Studio 2010, which means customers will see the benefit when the next wave of products comes out after Visual Studio 2010 is released.