Microsoft Responds to WMF Vulnerability

beuges writes "In an entry on the Microsoft Security Response Center Blog, Stephen Toulouse explains exactly how the WMF flaw could be triggered. BetaNews has an overview of the company's response." From the BetaNews article: "This code exists on every version of Windows since version 3.0, security firms have said. When this functionality was introduced, Toulouse said the security landscape differed from what it is now and metafile records were completely trusted by the operating system. Gibson claimed that the flaw could be exploited only by using a byte size of 1 in the metafile record, which Toulouse says is incorrect. He surmised that Gibson's tests had the offending function as the last entry in the metafile, which caused only incorrect sizes to trigger the flaw." We've previous reported on the backdoor claim.

Every version since 3.0?

[Captain_Thunder]

That's quite a long time to have a flaw in your OS. Maybe they should focus more on security rather than a fancy new AeroGlass interface.

Re:Every version since 3.0?

[HugePedlar]

Indeed. Sometimes, late at night, I worry about legacy code. Are we ever going to receive a brand new OS from Microsoft, or will each release merely be an upgrade from older versions?

I understand the importance of being able to run old programs, but surely Vista could have included a virtual machine or something for XP compatibility - is it really that hard to create a new OS from scratch with proper security etc. as a starting point, not an add-on? Yes it would be a mammoth task, but MS is pretty big, you know.

I don't know - when you have vulnerable code from Windows 3.1 in your latest release, don't you want to just cut the cord and start again?

Re:Every version since 3.0?

[CastrTroy]

Actually, they didn't actually rewrite from scratch. They used BSD, I think. The problem with this, is that if Microsoft chooses something too close to Unix, then it will be easier for people to move away from their operating system. The reason that many people don't switch now, is that moving is very abrupt, and you not only have to change the OS, but many of the applications at the same time. If the OS was unix based, the move could be much more gradual. The funny thing I remember is that the microsoft research lab created an OS that was based on security from the bottom up, and it still ran faster than windows XP. Which I realize isn't that hard, since it's so slow, but shows that you can build a secure OS, that still performs well.

Re:Every version since 3.0?

[poot_rootbeer]

Are we ever going to receive a brand new OS from Microsoft, or will each release merely be an upgrade from older versions?

Did Windows NT 3.1 count, or is it disqualified for inheriting code from VMS and OS/2?

Linux can trace its kernel lineage back to 1991, and many of its utilities are much much older than that. Are we ever going to receive a brand new OS from Torvalds?

What's the incentive for anyone to re-invent an operating system from scratch? A desire to create the next BeOS? There's too much collected knowledge in the decades' worth of "legacy" OS code that would be foolish to throw out.

"Landscape has changed"

[jav1231]

I think maybe Windows' landscape has changed but security wasn't so passe' to other software makers. I wonder how much arbitrary code could have been executed by UNIX or even Netware in those days? And I leave open the possibility that it could have. In the long run, this was left uncheck and maybe forgotten for what, 12-15 years now? And more importantly, was brought right into the server code from the desktop code.
I think therein lies the fundamental problem with Windows and why SA's warned for years about Microsoft's assbackwards approach to security. Windows is at it's heart a desktop OS and as such has a reverse understanding of security.