This is a fascinating story about detecting a zero-day exploit very early in its life.
Originally shared by Wayne Radinsky
MS08-067 was a security exploit in netapi32.dll that was discovered within its first 6 uses, and 400 million Windows machines were patched before the attackers could use it. It was discovered in the “long tail” of reports from the Windows Error Reporting system that users can use to send crash data to Microsoft.
http://blogs.technet.com/b/johnla/archive/2015/09/26/the-inside-story-behind-ms08-067.aspx