Friday, March 29, 2024

Microsoft Launches VulnScan Tool to Detect Memory Corruption Bugs

Microsoft launched new tool Vulnscan that automates the process of detecting the root cause of memory corruption issues.Vulnscan will be part of Microsoft Security Risk Detection.

It is a tool designed and developed by MSRC allows users and companies to upload their app and have it automatically determine the vulnerability type and root cause of memory corruption bugs with the wide variety of Windows or Linux platforms.

It is one of the latest addition to the Microsoft Security Risk Detection service that is currently in beta, after being launched in September 2016, then named Project Springfield.

VulnScan

Root Cause Detection-VulnScan

Most of the tools and features included with the Microsoft Security Risk Detection platform work using a technique called fuzzing, which searches for vulnerabilities that could enable awful performers to dispatch malicious attacks or just crash the system.

Also Read Google Chrome Will Block Tab-Under Behavior

Vulnscan bug detection during fuzz testing in memory-related issues.The tool helps security engineers and developers determine the vulnerability type and root cause of memory corruption bugs.” VulnScan works by producing reports like these.

Microsoft says  VulnScan is a tool designed and developed by MSRC to help security engineers and developers determine the vulnerability type and root cause of memory corruption bugs. It is built on top of two internally developed tools: Debugging Tools for Windows (WinDbg) and Time Travel Debugging (TTD).

Over a 10-month time frame where VulnScan was utilized to triage all memory defilement issues for Microsoft Edge, Microsoft Internet Explorer, and Microsoft Office items. It had a win rate around 85%, sparing an expected 500 hours of building time for MSRC engineers.

VulnScan
Source: Microsoft

Organizations and Developers can sign-up for the Microsoft Security Risk Detection service beta and test it for free before the service launches, most likely under a hefty paid subscription.

Back 2016 google launches a free Open source Fuzz testing tool OSS-Fuzz to make open source software more secure and stable.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles