News Column

Patent Issued for Prevention of Exploitation of Update Rollback

July 3, 2014

By a News Reporter-Staff News Editor at Computer Weekly News -- Microsoft Corporation (Redmond, WA) has been issued patent number 8756694, according to news reporting originating out of Alexandria, Virginia, by VerticalNews editors.

The patent's inventors are Plante, Stephane G. (Kirkland, WA); Poulos, Adam Gabriel (Bothell, WA).

This patent was filed on March 30, 2007 and was published online on June 17, 2014.

From the background information supplied by the inventors, news correspondents obtained the following quote: "It is not uncommon for computing systems to be updated after installation. For example, a personal computer (PC) or game console (e.g., XBOX.RTM.) may contain software bugs and/or security issues needing resolution after purchase. To resolve these issues, software patches are typically provided to update systems. Hackers have been known to exploit software bugs and security flaws. A common practice among hackers it to roll back a system to a time prior to an update. For example, if a game system contains a software bug that allows game players to cheat, a patch can be issued that fixes the software bug. A hacker wanting to exploit the software bug can roll back the game system configuration to a time prior to the update, thus defeating the patch and allowing the hacker to cheat."

Supplementing the background information on this patent, VerticalNews reporters also obtained the inventors' summary information for this patent: "This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description Of Illustrative Embodiments. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

"A mechanism is provided that prevents the use of a system that has been rolled back. Rolling back comprises rolling back a system configuration to a previous system configuration. Prevention of the use of a rolled back system is accomplished by querying the update status of a system and comparing the response thereto with an expected response. If the received response matches the expected response, the system is determined not to have been rolled back. If the received response does not match the expected response, and it is determined that the update version of the system is older than the expected update version, the system is considered to have been rolled back. If the system is determined to have been rolled back, appropriate action is taken, such as sending a warning to the system, stopping the system from operating, disabling selected features, disconnecting the system from a network, banning the system from future connections to the network, installing an update, or the like. The update status being queried can include version numbers of updates, time updates were made, responses to challenges, an indication of the system (e.g., machine serial number, unique ID value), or a combination thereof, for example."

For the URL and additional information on this patent, see: Plante, Stephane G.; Poulos, Adam Gabriel. Prevention of Exploitation of Update Rollback. U.S. Patent Number 8756694, filed March 30, 2007, and published online on June 17, 2014. Patent URL:

Keywords for this news article include: Software, Microsoft Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: Computer Weekly News

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters