VulnScan tool has been designed and developed by MSRC (Microsoft Security Response Center), it will be added to Microsoft Security Risk Detection, which is a cloud service that enables users and organizations to determine the vulnerability type and root cause of memory corruption bugs.
The tool is built on top of Debugging Tools for Windows (WinDbg) and Time Travel Debugging (TTD). WinDbg is Microsoft’s Windows debugger and Time Travel Debugging is an internally developed framework that records and replays execution of Windows applications.
According to Microsoft:
“With the help of the Time Travel Debugging (TTD) we can explore code in both directions of the timeline of code execution. We use taint techniques to track register changes and memory breakpoints to track writes to the memory. Every instruction in the tainting process is analysed in the context of previously executed instructions to find the possible root cause of the issue and to determine the bug class.”
MSRC (Microsoft Security Response Center) uses this tool (VulnScan) as part of Sonar (automation framework), which is automatically processes externally reported proof of concept files on all supported platforms and software versions. The framework is used to both reproduce and to perform the source cause analysis.
