Slashdot Mirror


Microsoft Responds to WMF Vulnerability

beuges writes "In an entry on the Microsoft Security Response Center Blog, Stephen Toulouse explains exactly how the WMF flaw could be triggered. BetaNews has an overview of the company's response." From the BetaNews article: "This code exists on every version of Windows since version 3.0, security firms have said. When this functionality was introduced, Toulouse said the security landscape differed from what it is now and metafile records were completely trusted by the operating system. Gibson claimed that the flaw could be exploited only by using a byte size of 1 in the metafile record, which Toulouse says is incorrect. He surmised that Gibson's tests had the offending function as the last entry in the metafile, which caused only incorrect sizes to trigger the flaw." We've previously reported on the backdoor claim.

8 of 221 comments

  1. Ah those were the days. by DrSkwid · · Score: 4, Funny

    > metafile records were completely trusted by the operating system

    when there were no disgruntled employees and no spies (international or industrial)

    everyone used telnet and ftp

    and there was no user 0

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
  2. Re:Why does Windows have so much legacy? by heavy+snowfall · · Score: 5, Funny

    More importantly: when is the patch for 3.1 and MS Bob coming out?

  3. Re:Every version since 3.0? by tpgp · · Score: 4, Funny

    > Indeed, the WINE people did reimplement it, complete with the vulnerability.

    Yep - the WINE people are reimplementing the windows API bug-for-bug ;-)

    --
    My pics.
  4. Cold War junk code? by AHuxley · · Score: 2, Funny
    I have always wondered about code from the mid 80's and the East Block.
    Thinking back to http://it.slashdot.org/article.pl?sid=04/03/02/0719247


    Was M$ helping to add a little extra into the USSR as US software flooded east?
    The fun of a free door into any network thanks to M$ moving around the world?

    In America bad code is no problem, it is just for end users.
    In Soviet Union, expensive stolen code kills YOU.

    Was M$ just a CIA front company gone too far?

    --
    Domestic spying is now "Benign Information Gathering"
  5. Re:Every version since 3.0? by pato101 · · Score: 2, Funny
    > Yep - the WINE people are reimplementing the windows API bug-for-bug ;-)

    Otherwise software would not crash as expected.

  6. Re:Every version since 3.0? by Waffle+Iron · · Score: 5, Funny
    > The WMF flaw was patched ahead of schedule and it works fine.

    Indeed. Here's the original schedule, as found in the source to Windows 3.0:

    /*
    * SATABORTPROC - Error Callback
    *
    * FIXME: Could this be a security issue? We really
    * need to get somebody to take a look at this sometime
    * within the next 20 years or so. XXX Need to recheck
    * around the 2007 timeframe. -AB 5/86
    */
  7. [OT] So that's what WOW stands for by achurch · · Score: 2, Funny
    > In fact, Windows does run Windows 3.1 apps in a VM type process these days, it's called a WoW (Windows on Windows) VM

    So that's what the "wow" in wowexec means . . . and here I always thought it was some overworked coder saying "wow, we actually managed to get this ancient crapola working". You learn something new every day!

  8. Like they say, politicians always know best! by notaprguy · · Score: 2, Funny

    I think we should leave all technology decisions up to politicians. They know what's best for the rest of us. As a matter of fact, I'm thinking of putting up a Web site to encourage companies like Google, IBM, Microsoft and Apple to put politicians on all of their boards so that we're sure to get what's best for the people. Clearly in this case the Koreans are ahead of us!