George Hughey, Rohit Mothe, Robert Yuen

An Insider's Perspective on Integer Overflow Vulnerabilities

Challenges and Solutions from Identification to Mitigation at Microsoft

This talk will delve deep into one of the most prevalent memory safety issues on Windows: Integer Overflows. Over the past few years, MSRC has seen hundreds of Integer Overflow vulnerabilities, including size overflows, integer truncations, overflows in checks, and reference counting overflows. We will cover the differences between these categories and investigate common pitfalls in the vulnerability root causes and their fixes.
