Slashdot Mirror
Two New WMF Bugs Found
Resident Egoist writes "Via PCWorld the news that two new Metafile bugs have been found, just a week after the patching of previous critical WMF issues." From the article: "All three flaws concern the way Windows renders images in the Windows Metafile (WMF) format used by some CAD (computer-aided design) applications, but these latest flaws are far less serious than the vulnerability that Microsoft patched last week, according to security experts. That vulnerability was serious enough to cause Microsoft to take the unusual step of releasing an early patch for the problem, ahead of its monthly security software update."
MS: These new WMF bugs are considered non-critical and a patch will be released during the normal patch release schedule (aka Feb 14).
In other news, Ullrich's quote in TFA was hilarious.
Who will guard the guards?
Typically it's unusual to see ``just a crash.'' Most programmes written in C and C++ crash due to buffer overflows, which frequently lead to running unsigned code. As a general rule, if a C or C++ code crashes, it is a fairly likely possibility to be able to run arbitrary code. Just because nobody's done it yet doesn't mean that it's not possible.
The bugs demonstrated here are not buffer overflows. They are the other kind of common C/C++ bug, namely an invalid (in this case NULL) pointer dereference. Null pointer dereferencing bugs are rarely exploitable.
More info in this Microsoft Security Resource Center (MSRC) blog post.
With spending like this, exactly what are "conservatives" conserving?
It really depends on the type of crash, and I'm not it's safe to jump to your conclusion so eagerly. In fact, many crashes in C programs CANNOT lead to execution of arbirtrary code, such as division by zero errors and trying to access memory with a NULL pointer.
The fixes have already been released.
n /MS06-002.mspx
n /MS06-003.mspx
http://www.microsoft.com/technet/security/Bulleti
http://www.microsoft.com/technet/security/Bulleti
Actually, given MS' scope and resources I fully expect them to have a staff whose regular duties consist solely of fixing these types of problems.
I do not have a signature
What it really boils down to is that Microsoft isn't in the business of writing quality code. Their goal is to pump out code that is good enough to maximize profits. This is why Free Software is important.
Part of the problem is that MS is reluctant to phase out obsolete technologies.
Take WMF files for example. Obviously nobody making new software today, would incorporate WMF technology. It's obsolete and unpopular. The only people who use WMF tech today are those who are using software that was designed to make use of that format. And therein lies the problem. At some point in time, software programs were created that used WMF technology. MS could come out and say "WMF is obsolete, and rather than take the risk of continuing to include a software component that may compromise security, we're going to completely remove support for it in future versions of Windows, since barely anybody uses it anyway." If MS were to say that with enough legacy technologies, people would get mad at them. If you're using or writing software for some new technology, you AT LEAST want to take solace in knowing that, even if it's unpopular and discontinued, it will at least remain USABLE on future systems.
So I can sort of understand MS's pickle from that point of view. It's sort of like users complaining that some security hole in Windows 3.1 has, in 2005, still not been patched. And on the other hand, a whole wave of users would potentially be up in arms if MS decided to, in the name of security, remove support for running old 16-bit Windows 3.1 programs in Windows XP.
And incidentally, I have a box of clip art CDs in WMF format.
The same people on this forum who would criticize MS for not patching AND not removing WMF support, probably wish that Windows XP had better support for the old early-mid 90's DOS games. And yet it might be a completely impractical task (not to mention an expensive one given the limited appeal of the feature) to eliminate all of the security risks posed by support for DOS (and, don't forget, back in the DOS era, a virus was more likely to format your hard drive than email your address book).
Windows may be a feature-driven, compatibility-over-security operating system, but just because we all want security, let's not pretend we don't like features and compatibility.
WMF is wired into the GDI- it's a GDI playback script is what it really is. This means that printers use it to do the WYSIWYG printing work unless you're using Postscript printing or force the GDI to print to a RAW spool (in which the printer driver renders the print job to the spool as printer commands- which is MUCH more inefficient...).
Just because you don't think you're using it, doesn't mean Microsoft's not using it for you.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
> Yes becuase breaking hundreds of people off their regular duties, tracking down 10 year old code written by someone who either doesn't remember writing it or no longer works there, correcting the code in a way that prevents the exploit, but doesn't impact functionality, testing the correction on all supported versions of windows, numerous hardware configurations, and against dozens of 3rd party software packages that use the library, then documenting the problem, the change, and the disimination of the change, then getting the whole thing wrapped up into a nice neat deployment package, is easy.
You've ENTIRELY missed the real point. Every time Bill Gates releases his "latest and greatest" product, we're told that it's a "completely rewritten, new code base". This is now shown to be complete nonsense - there is legacy code in Windows going back almost 20 years. There is obviously no proper CVS or code auditing system in place at Microsoft, which shows an astonishing ineptitude.
Microsoft do not deserve any more of our money!