New Tool by Microsoft Analyzes Memory Corruption Bugs

Microsoft Corporation released a new tool which helps security specialists to analyze memory corruption bugs. The tool is called VulnScan and it was created by the Microsoft Security Response Center (MSRC) to determine the vulnerability type and the root cause of memory corruption flaws.

According to Microsoft, the utility was built on top of two internally developed tools – Debugging Tools for Windows (WinDbg) and Time Travel Debugging (TTD).

WinDbg is a Windows debugger that received a user interface makeover a while ago, and Time Travel Debugging is an internally developed framework for recording and replaying the execution of Windows apps.

“By leveraging WinDbg and TTD, VulnScan is able to automatically deduce the root cause of the most common types of memory corruption issues. Application Verifier’s mechanism called PageHeap is used to trigger an access violation closer to the root cause of the issue,” Mateusz Krzywicki says.

VulnScan starts its analysis at the crash location and determines the root cause from there.

The tool features support for five classes of memory corruption issues – Out of bounds read/write, Use after free, Type confusion, Uninitialized memory use, and Null/constant pointer dereference.

Mateusz Krzywicki claims that VulnScan can also detect integer overflows and underflows, alongside the basic out-of-bounds accesses caused by a bad loop counter value, and that use-after-free bugs can be detected even without enabling PageHeap.

MSRC already uses VulnScan as part of its Sonar automation framework, which was created to process externally reported proof-of-concept files. The platform can reproduce issues and perform root cause analysis across multiple different environments.

Microsoft Corporation plans to include VulnScan in its new Security Risk Detection service (Project Springfield). As part of the service, the tool will be used to de-duplicate crashes and provide extended analysis of vulnerabilities found through fuzzing.

“Over a 10-month period where VulnScan was used to triage all memory corruption issues for Microsoft Edge, Microsoft Internet Explorer and Microsoft Office products, it had a success rate around 85%, saving an estimated 500 hours of engineering time for MSRC engineers,” Krzywicki explains.

Nelly Vladimirova
Nelly Vladimirova has been working as a journalist since 1998 with a main focus on Finance, Economics, and IT. In 2004 she graduated from the University of Plovdiv, Bulgaria, as a Bachelor in English Philology and Master in Linguistics and Translation. Later, Nelly received a postgraduate certificate in Business Management from Scott's College, UK. Presently, she is presenting the latest news related to computer security at www.virusguides.com.
