Two New WMF Bugs Found
Resident Egoist writes "Via PCWorld the news that two new Metafile bugs have been found, just a week after the patching of previous critical WMF issues." From the article: "All three flaws concern the way Windows renders images in the Windows Metafile (WMF) format used by some CAD (computer-aided design) applications, but these latest flaws are far less serious than the vulnerability that Microsoft patched last week, according to security experts. That vulnerability was serious enough to cause Microsoft to take the unusual step of releasing an early patch for the problem, ahead of its monthly security software update."
It's going to be tough on them, but they really hope that Windows can surpass the number of vulnerabilities in Unix/Linux.
MS: These new WMF bugs are considered non-critical and a patch will be released during the normal patch release schedule (aka Feb 14).
In other news, Ullrich's quote in TFA was hilarious.
Who will guard the guards?
I normally don't take that much notice of the various security announcements, because most people cause their own trouble on the internet through their mode of behaviour. These news reports really are starting to make me wonder what other holes there are in Microsoft products.
Wellybog
http://www.wellybog.com
So Microsoft poo-poos the bugs. Not an issue, overblown, won't affect anybody.
Andy Grove could advise them on how not to handle such situations.
Please tell me one of the bugs is not a bee, we're still sorting it out.
A feeling of having made the same mistake before: Deja Foobar
What's so unusual about that? (Seriously, it seems to happen every few months.)
...a hacker has published details of two new flaws that affect the same part of the operating system.
If you read the post on the security mailing list it sounds like someone trying to get this vulnerability out in the open so it can be fixed. Unless they mean a "white hat" hacker or a hacker in the real sense of the word but I doubt it. This is one of those words that should be used carefully, especially by "journalists".
Bradley Holt
Oh, this does not count as it was a different problem and can't be exploited (yet), and just because it is in the same code I am a meanie for thinking MS should have fixed WMF once and for all?
8 days should have been enough time for MS to completely check the code involved and use every attack possible. The fact that MS obviously hasn't bothered shows they still don't understand security. Of course hackers are going to try to find new exploits in WMF code since they know MS and that if there is one bug there must be others.
Oh well, at least the MS apologists get their daily exercise again. Wonder what drivel they come up with this time.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Unfortunately, these days everyone is accustomed to MS and software in general having bugs. Back when Intel was hit, it wasn't commonly known that sometimes CPUs and hardware do have bugs. People tolerate software bugs because they assume there will be a patch. With hardware, you most likely will need a replacement part.
Well, there's spam egg sausage and spam, that's not got much spam in it.
... what a fucking mess.
Why aren't the programmers that worked on any given buggy module ever named? If you faced public ridicule and loss of reputation for releasing exploitable code you might be more careful about what you certify as ready to ship.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
...if Microsoft had had the extra time and not released the patch until they considered it "fully tested", would they have caught these bugs as well?
Knowing that the WMF code is now under the microscope, will they divert resources to specifically re-vet that code, or will they sit on their rear ends and wait until another exploit is found for them?
As a tidbit of information, I have "converted" three of my neighbors to Linux -- at least dual booting, if not whole penguin -- in the last two months. Each time was at their request and for the exact same reason. Their Windows PC regularly gets trashed by spyware, viruses and worms and they've just damn well had enough in having to deal with it all. They want to get their work done, not fight with malware and have to upgrade machines because their old one isn't powerful enough to run their apps AND all the "keep me safe" software.
-Charles
Learning HOW to think is more important than learning WHAT to think.
The best part is the response from Lennart Wistrand yesterday on the MS Security Response blog. "As it turns out, these crashes are not exploitable but are instead Windows performance issues that could cause some WMF applications to unexpectedly exit." -- Lennart Wistrand http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx
"but these latest flaws are far less serious than the vulnerability that Microsoft patched last week, according to security experts"
This sentence says that according to security experts Microsoft has patched the previous vulnerability. The sentence should read: "but these latest flaws are far less serious, according to security experts, than the vulnerability Microsoft patched last week".
As much fun as it is to lambast Microsoft for this kind of thing, the types of exploit that have been "exposed" recently are very difficult to predict in advance (i.e. use of software features in unexpected ways). It's a little like blaming Boeing for letting their aircraft be flown towards tall buildings...
More info in this Microsoft Security Resource Center (MSRC) blog post.
Wouldn't this make 6 bugs on *nix - two for each of cedega, wine & crossover?
... Microsoft will never catch up.
"Women are just like ninjas; They lie even when it is more convenient to tell the truth." ~ Unknown
Weapons of Mass Fvckage?
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Announcing Bill The Cat's PC Operating System -- As many bugs, if not more than other leading brands, such as Microsoft Windows 98, 2000 and XP!
(Or do I?)
... that any Windows PC used to read this Slashdot story is now infected with a worm that exploits these WMF security holes.
Darn banner ads!
With spending like this, exactly what are "conservatives" conserving?
ELOI, ELOI, LAMA SABACHTHANI!?
We Share Your Pain (WE-SUP)
But still released many days after independent programmers (e.g. Ilfak Guilfanov) managed to build a fix. At work (a national lab), we were explicitly instructed not to wait for the early Windows patch.
i\hbar\dot{\psi}=\hat{H}\psi
As much fun as it is to lambast Microsoft for this kind of thing, the types of exploit that have been "exposed" recently are very difficult to predict in advance
Oh, do you really believe that it is difficult to predict that failure to check for null pointers in C code might lead to serious problems? Criticizing coding and QC practices that don't measure up to professional standards is hardly facile or unworthy. It's sort of like criticizing rampant fraud, waste, and abuse in our government. Never excuse the inexcusable.
Yeah, I thought that was odd too.
I feel safe on windows now. ...
Call within the next 48 hours and you will get Outlook and Exchange bug fixes as well...
http://www.itnews.com.au/newsstory.aspx?CIaNID=21704
Microsoft TC0 in New York - 354,55 (+2,57)
" " in London (Brent) - 360,00 (+2,03)
All you people that wanted Windows to rush out a fix. Take that. Now you see that rushing isn't always the best policy. They just need to take their time and make sure everything works. And, if that means they never actually fix the problem, well so be it. It's better than rushing and then realizing they only scratched the surface of the problem. Because that's embarrassing.
That statement is far less misleading than your analysis. Obviously you didn't read the entire summary, much less the article.
From TFA: "...the latest vulnerabilities appear to pose the risk of simply crashing the WMF-viewing software, typically Internet Explorer".
Crashing. Whoop-dee-doo. Annoying, sure. Hardly a security issue. (And no, the crash hasn't been shown to allow executed code, either.)
-David
One of our developers applied the Microsoft fix (along with ten others) this morning. He can no longer debug multi-threaded code in MSDev version 6.0. Stopping on a break point in any thread other than the main thread locks the GUI for all processes. At this point, we are testing if this is isolated to MSDev version 6 or all debuggers. We also do not know which of the ten or so patches was responsible. I would be interested to know if anyone else encounters this. At this point, our developer will be reinstalling his machine on Tuesday.
-Hope
Part of the problem is that MS is reluctant to phase out obsolete technologies.
Take WMF files for example. Obviously nobody making new software today, would incorporate WMF technology. It's obsolete and unpopular. The only people who use WMF tech today are those who are using software that was designed to make use of that format. And therein lies the problem. At some point in time, software programs were created that used WMF technology. MS could come out and say "WMF is obsolete, and rather than take the risk of continuing to include a software component that may compromise security, we're going to completely remove support for it in future versions of Windows, since barely anybody uses it anyway." If MS were to say that with enough legacy technologies, people would get mad at them. If you're using or writing software for some new technology, you AT LEAST want to take solace in knowing that, even if it's unpopular and discontinued, it will at least remain USABLE on future systems.
So I can sort of understand MS's pickle from that point of view. It's sort of like users complaining that some security hole in Windows 3.1 has, in 2005, still not been patched. And on the other hand, a whole wave of users would potentially be up in arms if MS decided to, in the name of security, remove support for running old 16-bit Windows 3.1 programs in Windows XP.
And incidentally, I have a box of clip art CDs in WMF format.
The same people on this forum who would criticize MS for not patching AND not removing WMF support, probably wish that Windows XP had better support for the old early-mid 90's DOS games. And yet it might be a completely impractical task (not to mention an expensive one given the limited appeal of the feature) to eliminate all of the security risks posed by support for DOS (and, don't forget, back in the DOS era, a virus was more likely to format your hard drive than email your address book).
Windows may be a feature-driven, compatibility-over-security operating system, but just because we all want security, let's not pretend we don't like features and compatibility.
WMF is wired into the GDI- it's a GDI playback script is what it really is. This means that printers use it to do the WYSIWYG printing work unless you're using Postscript printing or force the GDI to print to a RAW spool (in which the printer driver renders the print job to the spool as printer commands- which is MUCH more inefficient...).
Just because you don't think you're using it, doesn't mean Microsoft's not using it for you.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
running Win2K for a brand spanking new AMD64 with more RAM.
I ran the old thing behind a firewall and got my wife used to OpenOffice, FireFox and Thunderbird so it was pretty safe.
Performance was pathetic but since the box originally cost me nothing (a 'freebie' with tuition) I figured I was ahead of the game.
It was Xmas, her iTunes had stopped working because of a DLL hell problem, so I bought the new box. (I actually bought 2 boxes, and one is slicing and dicing on Slackware Linux and it's noticeably faster than the old 32-bit AMD I had my old Linux box on.)
I noticed that the default install for WinXP comes with so much AV & spyware cruft that I suspect I'm running 1:3 in CPU cycles: 1 for the app versus 3 for the cruft.
It's actually running __slower__ at some tasks than the old Win2K box.
Windows sux donkey balls.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
[Fuck Beta]
o0t!
... what a fucking M$.
OK, as I understand it the bug can be exploited by Web sites through downloading specifically designed WMF files? Right?
So get onto your firewall/proxy and block any URLs with WMF in them. Problem solved - unless the WMF bugs relate to non-WMF files (which wouldn't surprise me).
dnuof eruc rof aixelsid
I am not so sure about that. I once discovered a bug on a rather big site at the time which potentially exposed personal information. Knowing how big the potential was, I was afraid to let the information get into the wrong hands. So you're saying I was a black hat at that time?
And there'd have been nothing wrong with it, so long as they didn't implement the Escape function. But they DID that one- so it became an unsafe beastie. I'd have patched it so that the code could still function, but if it relied on that one unsafe feature, it'd be broken for you. I'm hoping that is what they did. If so, they did the fix right. If not, shame on them.
Unlikely. I doubt Linux will invoke callback hooks in WMFs that are intended to call into Windows code, and so the primary vulnerability just isn't going to be there on a platform other than Windows. Sure, it was an ability designed into WMF, but it was only meant to be used for WMFs passed around within and between live apps, not for WMFs stored on disk. There's no rational reason for libwmf to even care about that particular part of the WMF file.
The other two flaws seem to be implementation specific coding errors.
Program Intellivision!
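A content-based check of the kind the proxy-blocking comment and the Escape-function comments above call for, added here as an example that is not from the thread: it recognises WMF data by its header bytes rather than by URL or extension, and flags META_ESCAPE records (the Escape function discussed above) in a downloaded body. The record-type and header constants come from the WMF format itself; the sample files are constructed inline for the demo.

```python
import struct

# WMF constants (from the Windows Metafile format, not from this thread)
META_EOF = 0x0000
META_ESCAPE = 0x0626            # record type that carries an Escape call
SETABORTPROC = 9                # Escape sub-function that registers a callback
PLACEABLE_MAGIC = b"\xD7\xCD\xC6\x9A"   # 0x9AC6CDD7 little-endian, 22-byte header


def _strip_placeable(data: bytes) -> bytes:
    """Drop the optional Aldus placeable header so the standard header is at 0."""
    return data[22:] if data[:4] == PLACEABLE_MAGIC else data


def is_wmf(data: bytes) -> bool:
    """Recognise a WMF by its bytes alone, whatever the URL or extension says."""
    data = _strip_placeable(data)
    if len(data) < 18:
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, 0)
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)


def escape_records(data: bytes) -> list:
    """Walk the record stream; return (offset, escape_function) per META_ESCAPE."""
    data = _strip_placeable(data)
    found, off = [], 18                 # records start right after the 9-word header
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:              # every record is at least size + function
            break                       # malformed: stop rather than loop forever
        if func == META_ESCAPE and off + 8 <= len(data):
            found.append((off, struct.unpack_from("<H", data, off + 6)[0]))
        if func == META_EOF:
            break
        off += size_words * 2
    return found


def classify(data: bytes) -> str:
    """Proxy decision for a downloaded body: identify by content, then inspect."""
    if not is_wmf(data):
        return "not-wmf"
    escs = escape_records(data)
    if any(fn == SETABORTPROC for _, fn in escs):
        return "block: SETABORTPROC escape"
    if escs:
        return "suspicious: escape record"
    return "wmf: no escape records"


# --- constructed sample files (built here for the demo, not real captures) ---
def _record(func: int, *words: int) -> bytes:
    body = b"".join(struct.pack("<H", w) for w in words)
    return struct.pack("<IH", 3 + len(body) // 2, func) + body


def _wmf(records: bytes) -> bytes:
    body = records + _record(META_EOF)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, 5, 0)
    return header + body


BENIGN = _wmf(_record(0x0201, 0x0000, 0x0000))        # one META_SETBKCOLOR record
PLACEABLE = PLACEABLE_MAGIC + b"\x00" * 18 + BENIGN   # same file, placeable form
ESCAPE_SAMPLE = _wmf(_record(META_ESCAPE, SETABORTPROC, 0))  # escape, empty payload
```

Because `classify` only ever sees bytes, a file served under a .jpg or .gif name is judged the same way as one with a .wmf name, which is the gap a URL-pattern block leaves open.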
"I use linux. I have javascript enabled, though I don't let it resize windows or anything else I don't like. I browse wherever I like, without fear, without any real need to be careful."
What browser do you use though? If it's Mozilla or a derivative (e.g. FireFox) I'd say you should be more careful. Mozilla is probably in the same order of magnitude of bugginess as IE (if not more so - just look at Mozilla's track record). It's just not targeted as much publicly. Just wait till it gains even more market share.
Basically any software that has had a history of crashing can probably be exploited[1].
At my current workplace I run mozilla using a different user account from my main user account. This prevents browser exploits from having read or write access to files in my home directory. Due to the version of mozilla I'm using not respecting umasks (don't ask) I had to resort to ACLs in order to allow my main account to access files downloaded with the browser.
This way I have a lot less to worry about. Hackers might wipe the files I've downloaded using the browser, but it's harder for them to touch my main files. Of course I still have to be careful that there aren't any local root exploits.
In my previous workplace I used to do a similar thing with IE - run it with a different user account (using runas with savecred on winxp).
At home, I run IE in a virtual machine for sites which require javascript activex etc. So I'm reasonably safe barring an exploitable bug in the virtual machine software (I have found some bugs but I think they are not exploitable) or a bug in the graphics driver, NIC driver or something similar (which won't be Microsoft's fault)...
There was a bug in one version of my NIC drivers which caused bluescreens when certain data patterns were downloaded. Definitely doubleplus ungood. So I had to resort to a different version.
The problem with this WMF bug is it seems that stuff like Google Desktop can trigger payload execution whilst trying to index the WMF files. I don't use Google Desktop, so I don't know how one could restrict permissions for it.
[1] It's a sign of poor code quality. In my experience some AV software fall in this category too.
In fact, data does not in general ever contain software bugs. It is in fact the executables that might interpret that data which contain the bugs. That there may exist datastreams that can exploit vulnerabilities in executables that interpret them can only be seen as a vulnerability in the data format if and ONLY IF absolutely any present or theoretically future attempt to rigidly follow the specification for the data format exactly as it exists at that time would result in the same vulnerability existing, and the *ONLY* way to eliminate the vulnerability is to deviate from the data format specification. The number of data formats that have ever existed in the history of computing that contain this sort of vulnerability is exceptionally small (I personally can't think of any, but I admit that it's theoretically possible).
File under 'M' for 'Manic ranting'