Slashdot Mirror


Microsoft Responds to WMF Vulnerability

beuges writes "In an entry on the Microsoft Security Response Center Blog, Stephen Toulouse explains exactly how the WMF flaw could be triggered. BetaNews has an overview of the company's response." From the BetaNews article: "This code exists on every version of Windows since version 3.0, security firms have said. When this functionality was introduced, Toulouse said the security landscape differed from what it is now and metafile records were completely trusted by the operating system. Gibson claimed that the flaw could be exploited only by using a byte size of 1 in the metafile record, which Toulouse says is incorrect. He surmised that Gibson's tests had the offending function as the last entry in the metafile, which caused only incorrect sizes to trigger the flaw." We've previously reported on the backdoor claim.

4 of 221 comments

  1. Ah those were the days. by DrSkwid · · Score: 4, Funny

    > metafile records were completely trusted by the operating system

    when there were no disgruntled employees and no spies (international or industrial)

    everyone used telnet and ftp

    and there was no user 0

    --
    There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
  2. Re:Why does Windows have so much legacy? by heavy+snowfall · · Score: 5, Funny

    More importantly: when is the patch for 3.1 and MS Bob coming out?

  3. Re:Every version since 3.0? by tpgp · · Score: 4, Funny

    Indeed, the WINE people did reimplement it, complete with the vulnerability.

    Yep - the WINE people are reimplementing the windows API bug-for-bug ;-)

    --
    My pics.
  4. Re:Every version since 3.0? by Waffle+Iron · · Score: 5, Funny

    The WMF flaw was patched ahead of schedule and it works fine.

    Indeed. Here's the original schedule, as found in the source to Windows 3.0:

    /*
    * SATABORTPROC - Error Callback
    *
    * FIXME: Could this be a security issue? We really
    * need to get somebody to take a look at this sometime
    * within the next 20 years or so. XXX Need to recheck
    * around the 2007 timeframe. -AB 5/86
    */