CN107577948B - Vulnerability repairing method and device - Google Patents

Publication number
CN107577948B
Authority
CN
China
Prior art keywords
file
patch
files
local
directory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710726288.4A
Other languages
Chinese (zh)
Other versions
CN107577948A (en
Inventor
徐鹏捷
陈雄
赵建锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
3600 Technology Group Co ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201710726288.4A priority Critical patent/CN107577948B/en
Publication of CN107577948A publication Critical patent/CN107577948A/en
Application granted granted Critical
Publication of CN107577948B publication Critical patent/CN107577948B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a vulnerability repairing method and device. The method comprises the following steps: acquiring a patch package for repairing a local vulnerability, wherein the patch package comprises a patch file directory and patch file identity information; acquiring a corresponding file to be installed according to a patch file directory in the patch package, and caching the file to be installed to a local specified directory; verifying the files to be installed cached to the specified directory by using the patch file identity information, and judging whether the files to be installed are tampered to obtain a judgment result; and correspondingly processing the files to be installed cached to the specified directory according to the judgment result, and adjusting the cache state to the installed state after all the files to be installed are processed, so that the repair of the local vulnerability is completed. The method and the device can avoid the problems of black screen or blue screen and the like caused by the inconsistency of the local patch file and the file required to be released by the patch package after the patch is installed.

Description

Vulnerability repairing method and device
Technical Field
The invention relates to the technical field of computer security, in particular to a vulnerability repairing method and device.
Background
A computer system consists of software resources and hardware resources, and the operating system is the foundation and core of the software resources. However, designing and developing an operating system is a large and complex systems project in which various defects and errors, generally called system vulnerabilities, are inevitable. A system vulnerability may cause a serious error or may be exploited by malicious actors to spread malicious programs such as viruses and trojans. The same is true of some applications, which may also contain vulnerabilities with serious consequences introduced during design and development. Timely discovery and handling of these vulnerabilities is therefore an important part of the overall software project.
A common way for operating system or application developers to deliver vulnerability fixes is to provide users with patches for the discovered vulnerabilities, which are selected and installed at the user end. In the prior art, taking the Windows operating system as an example, when a patch file is released to the local system during patch installation at the user end and a corresponding system file already exists locally, that file is taken from the local system, which reduces the consumption of system resources.
However, there are currently a number of modified versions of the system, such as the typical Ghost system and the Yulin Mufeng (YLMF) system. In these modified versions, some local system files have often been tampered with by the producer or by viruses, trojans and the like. Even on an original system, local system files may be tampered with after infection by a virus, a trojan or the like. Therefore, when a user downloads an official patch for installation and a tampered system file is taken from the local system, the local file is inconsistent with the file the patch needs to release, so problems such as a black screen or even a blue screen can occur when the computer is restarted after the patch is installed, affecting normal use of the computer. For example, in the NSA incident, a large number of computers running the Windows 7 operating system suffered black screens or blue screens caused by inconsistent system files after installing the patch that repairs the vulnerability attacked by the EternalBlue ransomware. Therefore, there is a need to solve the above problems.
Disclosure of Invention
In view of the above, the present invention is proposed in order to provide a vulnerability fixing method and a corresponding apparatus that overcome or at least partially solve the above problems.
Based on one aspect of the present invention, an embodiment of the present invention provides a vulnerability fixing method, including:
acquiring a patch package for repairing a local vulnerability, wherein the patch package comprises a patch file directory and patch file identity information;
acquiring a corresponding file to be installed according to a patch file directory in the patch package, and caching the file to be installed to a local specified directory;
verifying the files to be installed cached to the specified directory by using the patch file identity information, and judging whether the files to be installed are tampered to obtain a judgment result;
and correspondingly processing the files to be installed cached to the specified directory according to the judgment result, and adjusting the cache state to the installed state after all the files to be installed are processed, so that the repair of the local vulnerability is completed.
Optionally, obtaining a corresponding file to be installed according to a patch file directory in the patch package, including:
and releasing the file according to the patch file directory in the patch package to obtain the file to be installed, and acquiring the file from the local if the corresponding file exists locally in the releasing process.
Optionally, the local vulnerability includes any one of the following:
bugs of local operating systems, bugs of local applications.
Optionally, when the local vulnerability is a vulnerability of a local operating system, the specified directory is a WinSxS directory.
Optionally, the patch file identity information includes: the name of the patch file, the unique identity of the patch file and an algorithm for generating the unique identity of the patch file; and,
verifying the file to be installed cached to the specified directory by using the identity information of the patch file, and judging whether the file to be installed is tampered, including:
acquiring an algorithm for generating the unique identity of the patch file from the patch package;
calculating the unique identity of the file to be installed by using the algorithm;
comparing the unique identity of the file to be installed with the corresponding unique identity of the patch file one by one according to the name of the patch file;
if the unique identity of the file to be installed is inconsistent with the corresponding unique identity of the patch file, the file to be installed is judged to be tampered;
and if the unique identity of the file to be installed is consistent with the corresponding unique identity of the patch file, judging that the file to be installed is not tampered.
Optionally, the unique identity is a hash value; and,
the algorithm comprises any one of the following algorithms: SHA1, MD2, MD4, MD5.
Optionally, performing corresponding processing on the to-be-installed file cached in the designated directory according to the determination result, where the processing includes:
if the judgment result is that the file to be installed is tampered, replacing the tampered file to be installed in the specified directory with a corresponding patch file in the patch package;
and if the judgment result is that the file to be installed is not tampered, keeping the file to be installed unchanged.
Optionally, after all the files to be installed are processed, the cache state is adjusted to the installed state by calling a specified component management interface.
Optionally, the specified component management interface is a component-based services interface.
Based on another aspect of the present invention, an embodiment of the present invention further provides a bug fixing device, including:
an acquisition module, adapted to acquire a patch package for repairing a local vulnerability, wherein the patch package comprises a patch file directory and patch file identity information;
the cache module is suitable for acquiring a corresponding file to be installed according to the patch file directory in the patch package and caching the file to be installed to a local specified directory;
the verification module is suitable for verifying the files to be installed cached to the specified directory by using the patch file identity information, judging whether the files to be installed are tampered or not and obtaining a judgment result;
the processing module is suitable for carrying out corresponding processing on the files to be installed cached to the specified directory according to the judgment result; and
and the state adjusting module is suitable for adjusting the cache state to the installed state after all the files to be installed are processed, so that the repair of the local vulnerability is completed.
Optionally, the cache module is further adapted to release the file according to the patch file directory in the patch package to obtain a file to be installed, and in the release process, if the corresponding file exists locally, obtain the file locally.
Optionally, the patch file identity information includes: the name of the patch file, the unique identity of the patch file and an algorithm for generating the unique identity of the patch file; and, the verification module is further adapted to:
acquiring an algorithm for generating the unique identity of the patch file from the patch package;
calculating the unique identity of the file to be installed by using the algorithm;
comparing the unique identity of the file to be installed with the corresponding unique identity of the patch file one by one according to the name of the patch file;
if the unique identity of the file to be installed is inconsistent with the corresponding unique identity of the patch file, the file to be installed is judged to be tampered;
and if the unique identity of the file to be installed is consistent with the corresponding unique identity of the patch file, judging that the file to be installed is not tampered.
Optionally, the unique identity is a hash value; and, the algorithm comprises any one of the following algorithms: SHA1, MD2, MD4, MD5.
Optionally, the processing module is further adapted to:
if the judgment result is that the file to be installed is tampered, replacing the tampered file to be installed in the specified directory with a corresponding patch file in the patch package;
and if the judgment result is that the file to be installed is not tampered, keeping the file to be installed unchanged.
Optionally, the state adjustment module is further adapted to adjust the cache state to the installed state by calling a specified component management interface after all the files to be installed are processed.
In the embodiment of the invention, the files to be installed, obtained according to the patch file directory in the patch package, are cached in a local specified directory; the cached files are verified using the patch file identity information in the patch package to judge whether they have been tampered with, giving a judgment result; the cached files are then processed according to the judgment result, and after all the files to be installed have been processed the cache state is adjusted to the installed state, completing the repair of the local vulnerability. Because the files to be installed are first cached, then verified, and only then moved from the cache state to the installed state, the files used for the local vulnerability repair are guaranteed to be consistent with the files the patch package needs to release, which avoids problems such as a black screen or a blue screen caused by inconsistent files after the patch is installed.
Further, in the embodiment of the present invention, if a file to be installed is inconsistent with the corresponding file in the patch package, it is determined to have been tampered with and is replaced with the corresponding file in the patch package; after all the files to be installed have been verified, the cache state is adjusted to the installed state so that the patch files take effect and the vulnerability repair is completed. Because tampered files cached in the specified directory are replaced with the corresponding original files in the patch package, tampered local files are repaired during patch installation, the local patch files are guaranteed to be consistent with the files the patch package needs to release, and problems such as a black screen or a blue screen caused by inconsistent files after the patch is installed are avoided. In addition, the vulnerability repairing method and device provided by the embodiment of the invention are particularly suitable for NSA "EternalBlue" vulnerability patch update tools and vulnerability repair engines.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
The above and other objects, advantages and features of the present invention will become more apparent to those skilled in the art from the following detailed description of specific embodiments thereof, taken in conjunction with the accompanying drawings.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart illustrating a bug fix method according to an embodiment of the invention;
FIG. 2 is a flowchart illustrating a vulnerability fixing method according to another embodiment of the present invention; and
FIG. 3 is a schematic structural diagram of a bug fixing device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In order to solve the above technical problem, an embodiment of the present invention provides a bug fixing method. Fig. 1 shows a processing flow chart of a bug fixing method according to an embodiment of the present invention. Referring to fig. 1, the bug fixing method may include the following steps S102 to S108.
Step S102, a patch package for repairing the local vulnerability is obtained, wherein the patch package comprises a patch file directory and patch file identity information.
And step S104, acquiring a corresponding file to be installed according to the patch file directory in the patch package, and caching the file to be installed to a local specified directory.
And S106, verifying the files to be installed cached to the specified directory by using the patch file identity information, and judging whether the files to be installed are tampered to obtain a judgment result.
And S108, performing corresponding processing on the files to be installed cached to the appointed directory according to the judgment result, and adjusting the cache state to the installed state after the processing of all the files to be installed is completed, so that the repair of the local vulnerability is completed.
In the embodiment of the invention, the files to be installed, obtained according to the patch file directory in the patch package, are cached in a local specified directory; the cached files are verified using the patch file identity information in the patch package to judge whether they have been tampered with, giving a judgment result; the cached files are then processed according to the judgment result, and after all the files to be installed have been processed the cache state is adjusted to the installed state, completing the repair of the local vulnerability. Because the files to be installed are first cached, then verified, and only then moved from the cache state to the installed state, the files used for the local vulnerability repair are guaranteed to be consistent with the files the patch package needs to release, which avoids problems such as a black screen or a blue screen caused by inconsistent files after the patch is installed.
In step S102, the local vulnerability may be a vulnerability of a local operating system, for example, a vulnerability of a currently used Windows 7 operating system, or a vulnerability of a local application, for example, a vulnerability of a mobile working software of a bluetooth enterprise, and the like, but the embodiment of the present invention is not limited thereto. In addition, the local device may be a computer, a smart phone, a tablet computer, a smart watch or another terminal device.
Before step S102, an existing vulnerability repair product may be run to scan the current user system environment and determine whether a patch for repairing a local vulnerability can be or needs to be installed. Correspondingly, in step S102, a patch package for repairing the local vulnerability is obtained according to the scanning result of the vulnerability repair product. In practical application, the patch package may be obtained from the cloud, or may be obtained in other manners, which is not limited herein. To ensure the integrity, accuracy and security of the patch package data, a check of the downloaded ("landed") file and a signature check are carried out after the patch package is obtained.
The patch package may include a patch file directory and patch file identity information to indicate files and related information to be released for installing the patch. Further, the patch file identity information may include: the name of the patch file, the unique identity of the patch file, and the algorithm that generated the unique identity of the patch file, among other things. In a preferred embodiment, the unique identity of the file is a hash value. Here, the hash algorithm for generating the hash value of the file may include SHA1, MD5, MD4, MD2, and the like. The design principle of the hash algorithm is well known to those skilled in the art, and will not be described herein.
The following describes the patch file directory and the patch file identity information included in a patch package, taking as an example the patch package kb4012212.cab, which repairs the Windows 7 system vulnerability attacked by the EternalBlue ransomware. The names, attributes, hash values, algorithms and so on of all patch files are recorded in the manifest file _manifest_.cix.xml of kb4012212.cab. Part of the manifest file is listed below, in the following form:
[Figure: excerpt of the manifest file, reproduced in the original as images GDA0001571650790000061 and GDA0001571650790000071]
From the above part of the manifest file, the name of the file to be released, i.e. the value of the field name, can be obtained: x86_microsoft-windows-smss_31bf3856ad364e35_7.1.7601.23677_none_9ffe1ebf1ba6284b/apisetschema.dll.
Furthermore, from the above part of the manifest file, the hash value of the released file, i.e. the value of the field Hash value, can also be obtained: 711e072b7667e845976bfa47627a6786160a4de1, together with the corresponding algorithm: SHA1.
In step S104, after the patch package is obtained, the required patch file is released to the local according to the patch file directory in the patch package to obtain the file to be installed, and the file to be installed is cached in the local specified directory. It should be noted that, in the releasing process, if a corresponding file exists locally, the file is directly acquired from the local. Still taking bug fixing of the windows operating system as an example, in the process of releasing the patch package file, if it is detected that the patch file of the specified version to be released already exists locally, the patch file of the specified version is directly copied from the local instead of being acquired from the patch package.
However, the logic of the existing windows update tool only detects whether a file required for bug fixing exists, but does not detect whether the content of the file is tampered, and even cannot correct the tampered file. Therefore, if the patch file of the specified version existing locally is tampered, the tampered patch file can take effect after installation is completed, and the problems of black screen, blue screen and the like are caused. The bug fixing scheme provided by the embodiment of the invention can effectively solve the problem, namely, in the method of the embodiment, the to-be-installed file is cached (staged) to a local specified directory, so that the to-be-installed file is in a staged state instead of being directly converted into an installed (installed) state. It should be noted that the cache state is an intermediate state, and unlike the installed state, the file in the cache state is not yet valid. By caching the files to be installed to a local specified directory, when the tampered files to be installed exist, the tampered files to be installed can be prevented from directly taking effect, and the problems of black screen, blue screen and the like caused by the tampering can be further prevented.
When the local vulnerability is a vulnerability of the local operating system, the specified directory may be a WinSxS directory under a C-disk Windows directory.
In step S106, the files to be installed cached in the specified directory are verified using the patch file identity information to judge whether they have been tampered with. The present invention provides an optional scheme for this: first, the algorithm that generated the unique identity of the patch file is obtained from the patch package; then, the unique identity of each cached file to be installed is calculated using that algorithm; third, the calculated unique identity of each file to be installed is compared, one by one according to the name of the patch file, with the unique identity of the corresponding patch file recorded in the patch package; finally, if the calculated unique identity of a file to be installed is inconsistent with the unique identity of the corresponding patch file, the file to be installed is judged to have been tampered with, and otherwise it is judged not to have been tampered with.
The following again takes the patch file x86_microsoft-windows-sms_31bf3856ad364e35_7.1.7601.23677_none_9ffe1ebf1ba6284b/apisetschema.dll in the patch package kb4012212.cab as an example to explain how this step is carried out:
firstly, acquiring the algorithm SHA1 for generating the hash value of the patch file from the manifest file _manifest_.cix.xml of kb4012212.cab;
then, calculating, with the SHA1 algorithm obtained for the patch file, the hash value of the file to be installed that was cached to the local specified directory (namely C:\Windows\WinSxS) in step S104;
thirdly, comparing the calculated hash value with a hash value '711e072b7667e845976bfa47627a6786160a4de1' recorded in a manifest file manifest _.
And finally, if the two files are not consistent, judging that the to-be-installed file x86_ microsoft-windows-sms _31bf3856ad364e35_7.1.7601.23677_ none _9ffe1ebf1ba6284b \ apissetschme.
In the method of the embodiment of the invention, the unique identities (preferably hash values) of the locally cached files to be installed and of the patch files in the patch package are compared one by one, so that whether a local file to be installed has been tampered with can be detected accurately and conveniently, and a tampered file is processed accordingly, which prevents problems such as a black screen or a blue screen caused by a tampered file taking effect after the patch is installed.
After the cached file to be installed is verified in step S106, step S108 performs corresponding processing on the file to be installed cached in the specified directory according to the determination result, specifically, if the file to be installed is tampered with as the determination result, the tampered file to be installed in the specified directory is replaced with the corresponding patch file in the patch package, and if the file to be installed is not tampered with as the determination result, the file to be installed in the specified directory is kept unchanged.
In practical application, a mode of performing corresponding processing on each to-be-installed file according to the judgment result after each to-be-installed file is verified may be adopted, or a mode of performing corresponding processing on each to-be-installed file according to the judgment result after all to-be-installed files are verified may be adopted, which is not limited in this regard.
The tampered files to be installed cached in the specified directory are replaced by the corresponding original files in the patch package, so that the tampered files to be installed are repaired, and the problems of black screen, blue screen and the like caused by the fact that the tampered files take effect after the patches are installed are solved.
Finally, after all the files to be installed have been processed, the cache state of the files to be installed is adjusted to the installed state by calling the specified component management interface, so that the files take effect and the repair of the local vulnerability is completed. The specified component management interface has the function of switching component states such as installation and removal. In a preferred embodiment, the specified component management interface is a Component-Based Servicing (CBS) interface.
According to the above analysis, in the embodiment of the present invention, the files to be installed, obtained according to the patch file directory in the patch package, are cached in a local specified directory, and the cached files are verified using the patch file identity information in the patch package. If a file to be installed is inconsistent with the corresponding file in the patch package, it is judged to have been tampered with and is replaced with the corresponding file in the patch package. After all the files to be installed have been verified, the cache state is adjusted to the installed state so that the patch files take effect and the vulnerability repair is completed. In this scheme, tampered local files are repaired during patch installation, the local patch files are guaranteed to be consistent with the files the patch package needs to release, and problems such as a black screen or a blue screen caused by inconsistent files after the patch is installed are avoided.
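The staged flow of steps S102 to S108, written out as an added example (it is not code from the patent, from Windows or from any patching product). The XML layout, file names, directory names and the returned `state` value are constructed for illustration; on Windows the final switch to the installed state is made through the component management interface, which this sketch only stands in for.

```python
import hashlib
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path, PurePosixPath

# The page lists SHA1, MD2, MD4 and MD5. Only the two that hashlib always
# provides are accepted here; any other algorithm name is rejected.
ALGORITHMS = {"SHA1": "sha1", "MD5": "md5"}


def parse_manifest(xml_text):
    """Return {relative file name: (algorithm, expected hex digest)}.

    Element and attribute names are a constructed, hypothetical layout,
    not the real schema of a Windows update manifest.
    """
    entries = {}
    for node in ET.fromstring(xml_text).iter("File"):
        name, alg = node.get("name"), node.get("alg", "").upper()
        path = PurePosixPath(name)
        # A manifest name must never be able to escape the staging directory.
        if path.is_absolute() or ".." in path.parts:
            raise ValueError(f"unsafe file name in manifest: {name!r}")
        if alg not in ALGORITHMS:
            raise ValueError(f"unsupported hash algorithm: {alg!r}")
        entries[name] = (alg, node.get("hash").lower())
    return entries


def file_digest(path, alg):
    """Hash a file with the algorithm the manifest names for it."""
    h = hashlib.new(ALGORITHMS[alg])
    h.update(Path(path).read_bytes())
    return h.hexdigest()


def stage_files(entries, package_dir, local_dir, staging_dir):
    """S104: cache each file to be installed, reusing a local copy if present."""
    sources = {}
    for name in entries:
        local = local_dir / name
        source = local if local.is_file() else package_dir / name
        target = staging_dir / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(source, target)
        sources[name] = "local" if source == local else "package"
    return sources


def verify_and_repair(entries, package_dir, staging_dir):
    """S106 and S108: compare by name, replace tampered staged files."""
    replaced = []
    for name, (alg, expected) in entries.items():
        staged = staging_dir / name
        if file_digest(staged, alg) == expected:
            continue  # not tampered: keep the staged file unchanged
        shutil.copyfile(package_dir / name, staged)
        # The package copy must itself match, or the package is damaged.
        if file_digest(staged, alg) != expected:
            raise RuntimeError(f"package copy of {name} does not match manifest")
        replaced.append(name)
    return replaced


def install_patch(manifest_xml, package_dir, local_dir, staging_dir):
    """Stage, verify, repair, and only then report the installed state."""
    entries = parse_manifest(manifest_xml)
    sources = stage_files(entries, package_dir, local_dir, staging_dir)
    replaced = verify_and_repair(entries, package_dir, staging_dir)
    # Stand-in for the staged -> installed switch done via the component
    # management interface; nothing takes effect before this point.
    return {"state": "installed", "sources": sources, "replaced": replaced}


def run_demo():
    """Constructed scenario: one local file was modified before patching."""
    root = Path(tempfile.mkdtemp(prefix="patch-demo-"))
    package, local, staging = (root / d for d in ("package", "local", "staging"))
    files = {"comp_a/apiset.dll": b"official build A",
             "comp_b/helper.dll": b"official build B"}
    rows = []
    for name, data in files.items():
        (package / name).parent.mkdir(parents=True)
        (package / name).write_bytes(data)
        digest = hashlib.sha1(data).hexdigest()
        rows.append(f'<File name="{name}" alg="SHA1" hash="{digest}"/>')
    manifest = "<Package>" + "".join(rows) + "</Package>"
    (local / "comp_a").mkdir(parents=True)
    (local / "comp_a/apiset.dll").write_bytes(b"modified local copy")
    result = install_patch(manifest, package, local, staging)
    result["staged_ok"] = all((staging / n).read_bytes() == d
                              for n, d in files.items())
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The comparison is only as trustworthy as the manifest it reads from, which is why the page checks the package signature before this flow starts.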
In the above, various implementation manners of each link of the embodiment shown in fig. 1 are introduced, and an implementation process of the vulnerability repair method of the present invention will be described in detail through a specific embodiment.
FIG. 2 is a flowchart of a vulnerability repair method for repairing a vulnerability of a local Windows operating system according to another embodiment of the present invention. Referring to FIG. 2, the method may include the following steps S202 to S210.
S202, obtaining a patch package for repairing the vulnerability of the local Windows operating system, wherein the patch package comprises a patch file directory and patch file identity information.
Specifically, the patch package may be downloaded directly from the official Microsoft website, or obtained through another tool such as 360 Security Guard. After the patch package is obtained, the downloaded file on disk and its signature are checked to ensure the integrity, accuracy and safety of the patch package data.
The patch package comprises a patch file directory, the name and the hash value of each patch file, and the algorithm used to generate the hash value of each patch file. This information is recorded in the manifest file _manifest_.cix.xml of the patch package.
And S204, releasing the file according to the patch file directory in the patch package to obtain a file to be installed, and caching the file to be installed to a local WinSxS directory.
Specifically, the files in the patch package are released according to the patch file directory recorded in the manifest file _manifest_.cix.xml of the patch package to obtain the files to be installed. During release, if the specified version of a patch file to be released is found to exist locally already, that version is copied directly from the local system and used as the file to be installed. The files to be installed are then cached to the local C:\Windows\WinSxS directory, so that they are in a cached (staged) state and do not take effect directly.
S206, verifying the to-be-installed file cached to the WinSxS directory based on the hash value by using the patch file identity information, and judging whether the to-be-installed file is tampered to obtain a judgment result.
Specifically, step S206 may be implemented by:
First, the algorithm for generating the hash value of a patch file is obtained from the patch package. In the embodiment of the present invention, this algorithm may be SHA1, MD5, or the like.
Secondly, scanning the files to be installed cached in the WinSxS directory, and calculating the files to be installed by using the obtained algorithm to obtain the hash value of each file to be installed.
And thirdly, comparing the hash value of the file to be installed obtained through calculation with the hash values of the corresponding patch files one by one according to the names of the patch files, and judging whether the file to be installed is tampered.
And finally, if the hash value of the file to be installed is inconsistent with the hash value of the corresponding patch file, judging that the file to be installed is tampered, and if the hash value of the file to be installed is consistent with the hash value of the corresponding patch file, judging that the file to be installed is not tampered.
And S208, if the judgment result shows that the file to be installed is tampered, replacing the tampered file to be installed in the WinSxS directory with the corresponding patch file in the patch package, and otherwise, keeping the file to be installed unchanged.
The tampered files to be installed cached in the WinSxS directory are replaced by the corresponding original files in the patch package, so that the tampered files to be installed are repaired, and the problems of black screens and even blue screens and the like caused by the fact that the tampered files take effect after the patches are installed are solved.
It should be noted that, in practical applications, a corresponding processing manner in step S208 may be performed on each to-be-installed file according to the determination result after each to-be-installed file is verified in step S206, or a corresponding processing manner may be performed on each to-be-installed file according to the determination result after all to-be-installed files are verified, which is not limited in this respect.
And S210, after all the files to be installed are processed, the cache state is adjusted to be the installed state by calling the CBS interface, and therefore the repair of the bugs of the local operating system is completed.
After all the files to be installed are processed, the CBS interface is called to adjust the cache state of the files to be installed to the installed state, so that the files take effect, and the repair of the bugs of the local operating system is completed. The CBS interface is a component management interface of a Microsoft Windows operating system, can complete functions of adding/deleting updating, adjusting and the like, and is a tool on which Windows Update mainly depends.
In this specific embodiment, the files to be installed, obtained according to the patch file directory in the patch package, are cached in the local WinSxS directory and verified against the hash values recorded in the patch package to judge whether they have been tampered with. Tampered files to be installed are replaced with the corresponding files in the patch package. After all the files to be installed have been verified, the cache state is adjusted to the installed state, so that the patch files take effect and the system vulnerability is repaired. Tampered local files are thus repaired during installation, the local patch files are kept consistent with the files the patch package is required to release, and problems such as a black screen or blue screen caused by inconsistent files after the patch package is installed are avoided.
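The verify-and-replace flow of steps S206 to S210, as an added Python example that is not code from the patent. Assumptions: the manifest is a constructed dictionary rather than the real manifest format, a temporary directory stands in for the WinSxS cache, the file names are constructed, and a final boolean stands in for the CBS state switch. It also adds two checks the text does not describe: manifest names may not escape the target directory, and the package copy must itself match the manifest before it is used as a replacement.

```python
import hashlib
import hmac
import shutil
import tempfile
from pathlib import Path

# Algorithms named on the page that hashlib always provides
# (MD2 and MD4 are not guaranteed to be available).
ALLOWED_ALGOS = {"sha1", "md5"}


def file_digest(path: Path, algo: str) -> str:
    """Hash a file in chunks with the algorithm named in the manifest."""
    if algo.lower() not in ALLOWED_ALGOS:
        raise ValueError(f"unsupported hash algorithm: {algo}")
    h = hashlib.new(algo.lower())
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def safe_join(root: Path, name: str) -> Path:
    """Resolve a manifest name under root; refuse names that escape it."""
    candidate = (root / name).resolve()
    if root.resolve() not in candidate.parents:
        raise ValueError(f"manifest name escapes directory: {name}")
    return candidate


def matches(path: Path, algo: str, expected: str) -> bool:
    """True when the file exists and its digest equals the manifest value."""
    return path.is_file() and hmac.compare_digest(
        file_digest(path, algo), expected.lower()
    )


def verify_and_repair(manifest: dict, package_dir: Path, staging_dir: Path) -> dict:
    """S206/S208: verify each staged file, replace mismatches from the package.

    Returns {name: "ok" | "replaced"}. Raises if a file cannot be brought
    into agreement with the manifest, so the caller never reaches S210.
    """
    results = {}
    for name, (algo, expected) in manifest.items():
        staged = safe_join(staging_dir, name)
        if matches(staged, algo, expected):
            results[name] = "ok"
            continue
        source = safe_join(package_dir, name)
        # Added check: the replacement source must itself match the manifest.
        if not matches(source, algo, expected):
            raise RuntimeError(f"package copy of {name} does not match manifest")
        staged.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(source, staged)
        # Re-verify after the copy rather than trusting it.
        if not matches(staged, algo, expected):
            raise RuntimeError(f"{name} still mismatched after replacement")
        results[name] = "replaced"
    return results


def run_demo() -> dict:
    """Build a constructed package and staging area, tamper one file, repair."""
    with tempfile.TemporaryDirectory() as tmp:
        package = Path(tmp) / "package"
        staging = Path(tmp) / "staging"  # stand-in for the WinSxS cache
        package.mkdir()
        staging.mkdir()
        payloads = {  # constructed sample files
            "component_a.sys": b"patched driver bytes",
            "component_b.dll": b"patched library bytes",
        }
        manifest = {}
        for name, data in payloads.items():
            (package / name).write_bytes(data)
            (staging / name).write_bytes(data)
            manifest[name] = ("SHA1", hashlib.sha1(data).hexdigest())
        # Simulate a staged file that was modified locally.
        (staging / "component_a.sys").write_bytes(b"locally modified bytes")
        results = verify_and_repair(manifest, package, staging)
        # Stand-in for S210: commit only if every staged file now matches.
        committed = all(
            matches(safe_join(staging, n), a, d) for n, (a, d) in manifest.items()
        )
        return {
            "results": results,
            "committed": committed,
            "repaired_bytes": (staging / "component_a.sys").read_bytes(),
        }


if __name__ == "__main__":
    print(run_demo())
```

The comparison only establishes agreement with the manifest, so its value rests on the signature check applied to the patch package in S202.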
It should be noted that, in practical applications, all the above optional embodiments may be combined in a combined manner at will to form an optional embodiment of the present invention, and details are not described here any more.
Based on the same inventive concept, the embodiment of the present invention further provides a bug fixing device, which is used for supporting the bug fixing method provided by any one of the above embodiments or a combination thereof. Fig. 3 is a schematic structural diagram of a bug fixing device according to an embodiment of the present invention. Referring to fig. 3, the bug fixing device may include at least: an acquisition module 310, a caching module 320, a verification module 330, a processing module 340, and a state adjustment module 350.
Now, the functions of the components or devices of the bug fixing device and the connection relationship between the components are introduced:
the obtaining module 310 is adapted to obtain a patch package for repairing a local vulnerability, where the patch package includes a patch file directory and patch file identity information;
the caching module 320 is adapted to obtain a corresponding file to be installed according to the patch file directory in the patch package, and cache the file to be installed to a local specified directory;
the verification module 330 is adapted to verify the file to be installed cached in the designated directory by using the patch file identity information, and determine whether the file to be installed is tampered, so as to obtain a determination result;
the processing module 340 is adapted to perform corresponding processing on the to-be-installed file cached to the designated directory according to the judgment result; and
the state adjustment module 350 is adapted to adjust the cache state to the installed state after all the files to be installed are processed, so as to complete the repair of the local vulnerability.
In a preferred embodiment, the caching module 320 is further adapted to:
and releasing the file according to the patch file directory in the patch package to obtain the file to be installed, and acquiring the file from the local if the corresponding file exists locally in the releasing process.
In a preferred embodiment, the local vulnerability includes any one of the following:
a vulnerability of the local operating system, or a vulnerability of a local application.
In a preferred embodiment, when the local vulnerability is a vulnerability of the local operating system, the specified directory is a WinSxS directory.
In a preferred embodiment, the patch file identity information includes: the name of the patch file, the unique identity of the patch file and an algorithm for generating the unique identity of the patch file; and,
the verification module 330 is further adapted to:
obtaining an algorithm for generating the unique identity of the patch file from the patch package;
calculating the unique identity of the file to be installed by using the algorithm;
comparing the unique identity of the file to be installed obtained through calculation with the unique identity of the corresponding patch file one by one according to the name of the patch file;
if the unique identity of the file to be installed is inconsistent with the unique identity of the corresponding patch file, the file to be installed is judged to be tampered;
and if the unique identity of the file to be installed is consistent with the unique identity of the corresponding patch file, judging that the file to be installed is not tampered.
In a preferred embodiment, the unique identity is a hash value; and, the algorithm includes any one of the following algorithms: SHA1, MD2, MD4, MD5.
In a preferred embodiment, the processing module 340 is further adapted to:
if the judgment result is that the file to be installed is tampered, replacing the tampered file to be installed in the appointed directory by using the corresponding patch file in the patch package;
and if the judgment result is that the file to be installed is not tampered, keeping the file to be installed unchanged.
In a preferred embodiment, the state adjustment module 350 is further adapted to:
and after all the files to be installed are processed, the cache state is adjusted to be the installed state by calling the specified component management interface.
In a preferred embodiment, the specified component management interface is a CBS interface.
According to any one or a combination of multiple optional embodiments, the embodiment of the present invention can achieve the following advantages:
In the embodiment of the invention, the files to be installed, obtained according to the patch file directory in the patch package, are cached in a local specified directory and verified using the patch file identity information in the patch package to judge whether they have been tampered with, giving a judgment result. The files to be installed cached in the specified directory are then processed according to the judgment result, and after all of them have been processed the cache state is adjusted to the installed state, completing the repair of the local vulnerability. Because the files to be installed are first cached, then verified, and only then switched from the cache state to the installed state, the files used for local vulnerability repair are kept consistent with the files the patch package is required to release, and problems such as a black screen or blue screen caused by inconsistent files after the patch is installed are avoided.
Further, in the embodiment of the present invention, if a file to be installed is inconsistent with the corresponding file in the patch package, it is judged to have been tampered with and is replaced with the corresponding file in the patch package; after all the files to be installed have been verified, the cache state is adjusted to the installed state, so that the patch files take effect and the vulnerability repair is completed. Because the tampered files to be installed cached in the specified directory are replaced by the corresponding original files in the patch package, tampered local files are repaired during patch installation, the local patch files are kept consistent with the files the patch package is required to release, and problems such as a black screen or blue screen caused by inconsistent files after the patch is installed are solved. In addition, the vulnerability repair method and device provided by the embodiment of the invention are particularly suitable for patch updating tools and vulnerability repair engines for the NSA "EternalBlue" vulnerability.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in a bug fix arrangement according to embodiments of the invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Thus, it should be appreciated by those skilled in the art that while a number of exemplary embodiments of the invention have been illustrated and described in detail herein, many other variations or modifications consistent with the principles of the invention may be directly determined or derived from the disclosure of the present invention without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should be understood and interpreted to cover all such other variations or modifications.

Claims (14)

1. A vulnerability fix method, comprising:
acquiring a patch package for repairing a local vulnerability, wherein the patch package comprises a patch file directory and patch file identity information;
acquiring a corresponding file to be installed according to a patch file directory in the patch package, and caching the file to be installed to a local specified directory to enable the file to be installed to be in a cache state, wherein the cache state refers to an intermediate state that the file is not yet in effect;
verifying the files to be installed cached to the specified directory by using the patch file identity information, and judging whether the files to be installed are tampered to obtain a judgment result;
performing corresponding processing on the files to be installed cached to the designated directory according to the judgment result, and adjusting the cache state to the installed state after the processing of all the files to be installed is completed, so as to complete the repair of the local vulnerability;
acquiring a corresponding file to be installed according to a patch file directory in the patch package, wherein the acquiring comprises the following steps:
releasing the file according to the patch file directory in the patch package to obtain a file to be installed, and acquiring the file from the local if the corresponding file exists locally in the releasing process;
wherein, according to the judgment result, the corresponding processing is performed on the file to be installed cached to the specified directory, and the processing comprises:
if the judgment result is that the file to be installed is tampered, replacing the tampered file to be installed in the specified directory with a corresponding patch file in the patch package;
and if the judgment result is that the file to be installed is not tampered, keeping the file to be installed unchanged.
2. The method of claim 1, wherein the local vulnerability comprises any one of:
a vulnerability of the local operating system, or a vulnerability of a local application.
3. The method of claim 2, wherein the specified directory is a WinSxS directory when the local vulnerability is a vulnerability of a local operating system.
4. The method according to any one of claims 1 to 3,
the patch file identity information comprises: the name of the patch file, the unique identity of the patch file and an algorithm for generating the unique identity of the patch file;
verifying the file to be installed cached to the specified directory by using the identity information of the patch file, and judging whether the file to be installed is tampered, including:
acquiring an algorithm for generating the unique identity of the patch file from the patch package;
calculating the unique identity of the file to be installed by using the algorithm;
comparing the unique identity of the file to be installed with the corresponding unique identity of the patch file one by one according to the name of the patch file;
if the unique identity of the file to be installed is inconsistent with the corresponding unique identity of the patch file, the file to be installed is judged to be tampered;
and if the unique identity of the file to be installed is consistent with the corresponding unique identity of the patch file, judging that the file to be installed is not tampered.
5. The method of claim 4, wherein,
the unique identity is a hash value;
the algorithm comprises any one of the following algorithms: SHA1, MD2, MD4, MD5.
6. The method according to any one of claims 1-3, wherein the cache state is adjusted to an installed state by calling a specified component management interface after processing of all the files to be installed is completed.
7. The method of claim 6, wherein the specified component management interface is a component-based services interface.
8. A vulnerability repair apparatus, comprising:
an acquisition module, adapted to acquire a patch package for repairing a local vulnerability, wherein the patch package comprises a patch file directory and patch file identity information;
the cache module is suitable for acquiring a corresponding file to be installed according to a patch file directory in the patch package, and caching the file to be installed to a local specified directory to enable the file to be installed to be in a cache state, wherein the cache state refers to an intermediate state in which the file is not yet in effect;
the verification module is suitable for verifying the files to be installed cached to the specified directory by using the patch file identity information, judging whether the files to be installed are tampered or not and obtaining a judgment result;
the processing module is suitable for carrying out corresponding processing on the files to be installed cached to the specified directory according to the judgment result; and
the state adjustment module is adapted to adjust the cache state to the installed state after all the files to be installed are processed, so that the repair of the local vulnerability is completed;
wherein the caching module is further adapted to:
releasing the file according to the patch file directory in the patch package to obtain a file to be installed, and acquiring the file from the local if the corresponding file exists locally in the releasing process;
wherein the processing module is further adapted to:
if the judgment result is that the file to be installed is tampered, replacing the tampered file to be installed in the specified directory with a corresponding patch file in the patch package;
and if the judgment result is that the file to be installed is not tampered, keeping the file to be installed unchanged.
9. The apparatus of claim 8, wherein the local vulnerability comprises any one of:
a vulnerability of the local operating system, or a vulnerability of a local application.
10. The apparatus of claim 9, wherein the specified directory is a WinSxS directory when the local vulnerability is a vulnerability of a local operating system.
11. The apparatus of any one of claims 8-10,
the patch file identity information comprises: the name of the patch file, the unique identity of the patch file and an algorithm for generating the unique identity of the patch file;
the verification module is further adapted to:
acquiring an algorithm for generating the unique identity of the patch file from the patch package;
calculating the unique identity of the file to be installed by using the algorithm;
comparing the unique identity of the file to be installed with the corresponding unique identity of the patch file one by one according to the name of the patch file;
if the unique identity of the file to be installed is inconsistent with the corresponding unique identity of the patch file, the file to be installed is judged to be tampered;
and if the unique identity of the file to be installed is consistent with the corresponding unique identity of the patch file, judging that the file to be installed is not tampered.
12. The apparatus of claim 11, wherein,
the unique identity is a hash value;
the algorithm comprises any one of the following algorithms: SHA1, MD2, MD4, MD5.
13. The apparatus of any of claims 8-10, wherein the state adjustment module is further adapted to:
and after all the files to be installed are processed, adjusting the cache state to be the installed state by calling a specified component management interface.
14. The apparatus of claim 13, wherein the specified component management interface is a component-based services interface.
CN201710726288.4A 2017-08-22 2017-08-22 Vulnerability repairing method and device Active CN107577948B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710726288.4A CN107577948B (en) 2017-08-22 2017-08-22 Vulnerability repairing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710726288.4A CN107577948B (en) 2017-08-22 2017-08-22 Vulnerability repairing method and device

Publications (2)

Publication Number Publication Date
CN107577948A CN107577948A (en) 2018-01-12
CN107577948B true CN107577948B (en) 2021-03-19

Family

ID=61035155

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710726288.4A Active CN107577948B (en) 2017-08-22 2017-08-22 Vulnerability repairing method and device

Country Status (1)

Country Link
CN (1) CN107577948B (en)

Also Published As

Publication number Publication date
CN107577948A (en) 2018-01-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Xu Pengjie; Chen Xiong; Zhao Jianfeng
Inventor before: Xu Pengjie; Chen Xiong; Zhao Jianfeng
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20220909
Address after: No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science and Technology Park, High-tech Zone, Binhai New District, Tianjin 300000
Patentee after: 3600 Technology Group Co.,Ltd.
Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)
Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.