SecurityWeek


New Microsoft Tool Analyzes Memory Corruption Bugs

A newly released analysis tool from Microsoft helps security engineers and developers investigate memory corruption bugs.


Called VulnScan, the tool has been designed and developed by the Microsoft Security Response Center (MSRC) to help determine the vulnerability type and root cause of memory corruption flaws. The utility was built on top of two internally developed tools, namely Debugging Tools for Windows (WinDbg) and Time Travel Debugging (TTD), the tech giant says.

WinDbg is a Windows debugger that recently received a user interface makeover, while Time Travel Debugging is an internally developed framework designed to record and replay the execution of Windows applications.

“By leveraging WinDbg and TTD, VulnScan is able to automatically deduce the root cause of the most common types of memory corruption issues. Application Verifier’s mechanism called PageHeap is used to trigger an access violation closer to the root cause of the issue,” Mateusz Krzywicki from MSRC explains.

The tool begins its analysis at the crash location and then works toward the root cause. VulnScan supports five classes of memory corruption issues: out-of-bounds read/write, use after free, type confusion, uninitialized memory use, and null/constant pointer dereference.

According to Krzywicki, the tool can also detect integer overflows and underflows, along with basic out of bounds accesses caused by a bad loop counter value. Use-after-free bugs can be detected even without PageHeap enabled.

MSRC already makes use of the new tool as part of their automation framework called Sonar, which was designed to process externally reported proof of concept files. The platform can both reproduce issues and perform root cause analysis by employing multiple different environments.

Microsoft also plans on including VulnScan in the Microsoft Security Risk Detection service (Project Springfield). As part of this service, it will be used to de-duplicate crashes and provide extended analysis of vulnerabilities found through fuzzing.


“Over a 10-month period where VulnScan was used to triage all memory corruption issues for Microsoft Edge, Microsoft Internet Explorer and Microsoft Office products, it had a success rate around 85%, saving an estimated 500 hours of engineering time for MSRC engineers,” Krzywicki says.

The tool uses multi-branch taint analysis, meaning that it can sequentially track all values obtained from a single instruction. VulnScan also keeps a queue of registers and memory addresses, each associated with a specific position in the execution timeline, and performs taint analysis separately for each branch, so that the application's data flow can be recreated in full.
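A minimal sketch of one reading of the queue-driven, multi-branch taint walk described above, added here as an illustration and not VulnScan's own code. The trace format, `Step`, `backward_taint` and the sample trace are all constructed assumptions; each queue entry pairs a location with a position in the recorded timeline, and every source operand of a writing instruction starts its own branch.

```python
from collections import deque, namedtuple

# One recorded instruction: the location it writes, the locations it reads, its text.
Step = namedtuple("Step", "dst srcs text")

# Constructed trace (not real TTD output); list index = position in the timeline.
TRACE = [
    Step("rax", ["[len]"], "mov rax, [len]"),          # 0: length field loaded from input
    Step("rbx", [], "mov rbx, 0x10"),                   # 1: constant header size
    Step("rax", ["rax", "rbx"], "add rax, rbx"),        # 2: offset = len + 0x10
    Step("rdx", ["[buf]"], "mov rdx, [buf]"),           # 3: heap buffer pointer
    Step("rcx", ["rdx", "rax"], "lea rcx, [rdx+rax]"),  # 4: write address
    Step("rax", [], "xor eax, eax"),                    # 5: rax reused afterwards
]
CRASH_POS = 6  # constructed crash: access violation on "mov byte [rcx], 0"


def backward_taint(trace, crash_pos, bad_loc):
    """Walk back from the crash; return sorted (position, location) origins.

    Position -1 means the value predates the recording (e.g. input data)."""
    queue = deque([(crash_pos, bad_loc)])  # (timeline position, register/memory)
    seen, origins = set(), set()
    while queue:
        pos, loc = queue.popleft()
        if (pos, loc) in seen:
            continue
        seen.add((pos, loc))
        # Most recent write to loc strictly before pos; later writes are ignored.
        writer = next((i for i in range(pos - 1, -1, -1) if trace[i].dst == loc), None)
        if writer is None:
            origins.add((-1, loc))
        elif not trace[writer].srcs:
            origins.add((writer, loc))  # constant: this branch ends here
        else:
            # One branch per source operand, each pinned to the writer's position.
            queue.extend((writer, src) for src in trace[writer].srcs)
    return sorted(origins)


if __name__ == "__main__":
    for pos, loc in backward_taint(TRACE, CRASH_POS, "rcx"):
        print(pos, loc, TRACE[pos].text if pos >= 0 else "(before recording)")
```

On this trace the faulting address in `rcx` resolves to `[buf]`, `[len]` and the constant loaded at position 1; the later `xor eax, eax` is not reported because the query for `rax` is pinned to position 4.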


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
