Google Details Microsoft's Time Travel Debugging Framework Security Bugs

Mandiant researchers, part of Google’s cybersecurity division, have uncovered several critical security bugs in Microsoft’s Time Travel Debugging (TTD) framework. The findings reveal significant instruction emulation inaccuracies that could compromise security analyses and incident response investigations, leading analysts to overlook threats or draw incorrect conclusions during malware analysis. Time Travel Debugging is a powerful usermode record-and-replay framework developed by Microsoft that allows security researchers and developers to capture a comprehensive recording of a process execution. Google’s Mandiant researchers found that the discovered bugs could cause significant security and reliability issues.

The first bug Mandiant found was in the emulation of the pop r16 instruction: while on a real CPU the instruction preserves the upper 16 bits of the register, TTD incorrectly cleared these bits, causing critical discrepancies between native execution and TTD instrumentation.

After discovering this initial bug, Mandiant researchers created a fuzzing harness to execute random sequences of instructions and compare the results between real CPU execution and TTD instrumentation. This led to the discovery of additional instruction emulation problems, including issues with push segment instructions that revealed differences between Intel and AMD CPU implementations.

In total, the researchers identified four distinct bugs in TTD’s instruction emulation and functioning, including emulation issues with pop r16, push segment, and lodsb/lodsw instructions, as well as an output capture truncation problem in the WinDbg TTDAnalyze debugging extension. The researchers acknowledged Microsoft’s Time Travel Debugging team for their readiness and support in addressing the reported issues, highlighting their prompt communication and commitment to maintaining TTD as a robust and reliable security tool for Windows security research.
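The following is an added example, not code from the article or from Mandiant’s harness. It makes the reported discrepancy concrete and shows the shape of the differential check the researchers describe: the same `pop r16` operation is run through a reference oracle and through a candidate implementation, and the results are compared. The destination is modelled as a 32-bit register, so “the upper 16 bits” means bits 31:16. The reference oracle is the real CPU when the code is compiled by GCC or Clang on an x86-64 host (where a 16-bit pop likewise preserves the upper bits of the register); elsewhere it falls back to a software model of the documented CPU behaviour. `pop_r16_ttd_buggy_model` is only a model of the behaviour the article describes (upper bits cleared), not TTD’s code. The PRNG, iteration count and seed are arbitrary choices for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Correct x86 semantics for "pop r16" on a 32-bit register, as the article
 * describes for a real CPU: only bits 15:0 are written, bits 31:16 are kept. */
static uint32_t pop_r16_cpu_model(uint32_t dst_before, uint16_t popped)
{
    return (dst_before & 0xFFFF0000u) | popped;
}

/* Model of the behaviour the article attributes to TTD (not TTD's code):
 * the emulator cleared the upper 16 bits instead of preserving them. */
static uint32_t pop_r16_ttd_buggy_model(uint32_t dst_before, uint16_t popped)
{
    (void)dst_before;
    return (uint32_t)popped;
}

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
#define HAVE_NATIVE_POP16 1
/* Execute a real 16-bit pop on the host CPU and observe the destination.
 * The stack pointer is moved below the SysV red zone first so the push does
 * not clobber compiler-managed locals, and is restored afterwards. */
static uint32_t pop_r16_native(uint32_t dst_before, uint16_t popped)
{
    uint32_t out;
    __asm__ volatile(
        "subq $128, %%rsp\n\t"        /* step past the 128-byte red zone */
        "pushq %[val]\n\t"            /* 8-byte push; low 16 bits hold the value */
        "movl %[before], %[out]\n\t"  /* seed the destination with known upper bits */
        "popw %w[out]\n\t"            /* the instruction under test: a 16-bit pop */
        "addq $134, %%rsp\n\t"        /* 6 leftover pushed bytes + 128 red-zone bytes */
        : [out] "=&r"(out)
        : [before] "r"(dst_before), [val] "r"((uint64_t)popped)
        : "cc", "memory");
    return out;
}
#endif

/* Reference oracle: the real CPU where available, otherwise the CPU model. */
static uint32_t pop_r16_reference(uint32_t dst_before, uint16_t popped)
{
#ifdef HAVE_NATIVE_POP16
    return pop_r16_native(dst_before, popped);
#else
    return pop_r16_cpu_model(dst_before, popped);
#endif
}

typedef uint32_t (*pop_r16_fn)(uint32_t, uint16_t);

/* Miniature differential harness in the spirit of the one the article
 * describes: feed identical random inputs to the oracle and to a candidate
 * implementation and count disagreements. Deterministic xorshift64 PRNG so a
 * mismatch can be reproduced from the seed. Returns the mismatch count. */
static unsigned differential_pop_r16(pop_r16_fn candidate, unsigned iterations, uint64_t seed)
{
    unsigned mismatches = 0;
    uint64_t s = seed ? seed : 1;  /* xorshift must not start at zero */
    for (unsigned i = 0; i < iterations; i++) {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        uint32_t before = (uint32_t)(s >> 32);  /* random prior register contents */
        uint16_t popped = (uint16_t)s;          /* random 16-bit value on the stack */
        if (pop_r16_reference(before, popped) != candidate(before, popped))
            mismatches++;
    }
    return mismatches;
}

int main(void)
{
    const unsigned n = 1000;
    const uint64_t seed = 0x9E3779B97F4A7C15ULL;
    printf("correct model vs reference: %u mismatches in %u runs\n",
           differential_pop_r16(pop_r16_cpu_model, n, seed), n);
    printf("cleared-upper-bits model vs reference: %u mismatches in %u runs\n",
           differential_pop_r16(pop_r16_ttd_buggy_model, n, seed), n);
    return 0;
}
```

The faulty model disagrees with the oracle on essentially every input whose upper 16 bits are non-zero, which is exactly the condition a hand-written test with a zeroed register would never exercise; randomised inputs against a trusted oracle surface it immediately.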

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 14:55:06 +0000

