How Does FireEye Find Microsoft 0-Days?

In late December 2012, security firm FireEye discovered a zero-day attack against Microsoft Internet Explorer. Microsoft fixed the issue with MS13-008, an out-of-band emergency patch issued in January 2013. In May 2013, FireEye found another zero-day attack, this one targeting IE8. Microsoft patched the second flaw as part of its May Patch Tuesday update.

Zheng Bu, senior director of Security Research at FireEye, explained to eSecurity Planet that the recent discoveries of the two zero-day flaws demonstrate the power of FireEye’s technology. Bu noted that the FireEye platform uses multi-flow and multi-vector analysis to detect next-generation threats that would otherwise go undiscovered.

“We are not like other security vendors who heavily rely on string matches,” Bu said. “What we have here is a sandbox technology, with our own hypervisor to basically execute unknown objects in a controlled environment.”

FireEye’s technology combines automated scanning with human analysis to verify the existence and root cause of zero-day exploits. Bu said that when FireEye submitted the zero-day flaws to Microsoft, Microsoft requested information beyond what automated scanning and analysis could provide, which is where the human intervention comes into play.

“Most of the static analysis pieces have been automated in our zero-day discovery system,” Bu said. “But there are still some things that cannot be done with a machine, and you have to do those things with humans.”

Read the full story at eSecurity Planet:
Inside the Eye of a Microsoft 0-Day

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist.
