How do I turn the specific knowledge of the exploit into a more meaningful defense than if I had vague knowledge that there is a Windows zero-day actively in the wild?
I'm not asking snidely. I legit want to know how this is leveraged in defense and what/how I can do.
Is it common practice in the pre-patch period to enable some sort of system call tracing that monitors for (and/or kills) processes that use the vulnerable call in the way described by the Google blog post? Or is there a sandboxing solution where I can blacklist-filter certain uses of system calls?
> How do I turn the specific knowledge of the exploit into a more meaningful defense than if [...]
By being able to raise an alarm and allocate actual time to fixing/mitigating it, unlike if it were only a vague warning. We know that there's never been a day when Windows didn't have a critical remote code execution security flaw. Obviously, if you're still using it, management isn't doing anything proactive to improve security, so you need these motivators.