WMF Flaw not a Backdoor

koro666 writes "In a blog post, Mark Russinovich from SysInternals responded to the allegations made by Steve Gibson labeling the flaw as an intentional backdoor. It seems that the hype was about Steve's discovery that the code would only be executed if the size of the metafile record was deliberately tampered with, which is not the case. The technical details are explained in his post."

Doorframe

[Renraku]

Not quite a backdoor in itself, but it makes a very nice doorframe. Complete with the Windows 'critical flaw of the month' moulding and Welcome mat placed in front of it, just ready for someone with a door to install it into the wall...

Re:Doorframe

[Bimo_Dude]

Agreed. While it is important to know whether or not this was put in intentionally (IMHO, not intentional), I think what's more important is the fact that it exists, and what can be done to reduce the exposure to this flaw. Educating users is a good start. Maybe more of the mainstream media could cover stories such as this, and include instructions on how to patch / update for those who don't know.

I don't think many people too Gibson seriously...

[tpgp]

At least not many people I know.

I think the real question about this WMF vulnerability is how on earth could it have survived five years under the new security aware, code auditting regime that we supposedly have at Microsoft?

(Please don't reply that the wine people implemented it too - their goal reimplement the windows API, not audit it for security)

ride the wave

[DeveloperAdvantage]

because the issue continues to draw media attention I've decided to publicly document my investigation.

i.e., I'd better hurry and get this out before nobody cares. :)

Re:it doesn't matter

[vdboor]

Conspiracy theories don't need reasons backing them up

You've got a good point here and it describes the other side of of Steve Gibson. After reading that site, you'll understand his stories are mostly made of popular speak or disinformation, rather then scientifical information.

So while you may admire him for his charisma, you shouldn't for his expertise. Would you e-mail him about an error, he'll silently correct it as if he'd always known it. You won't find him at an official security conference, but in the eyes of his fanbase he remains a god. I can image people are felling for his stories through, his stories make you get excited easily.

Re:FIGHT! FIGHT! FIGHT!

It's hardly a competition. Mark knows Windows inside and out. He was the first licensee of the Windows NT source code and used it to produce a toolkit that is used as the basis for many of the device drivers that have been produced for Windows. Gibson has written some apps and has shot his mouth off about something before he'd looked closely enough. Sure the documentation for SetAbortProc was wrong, but this is a mechanism that is used in many parts of the Windows API and he should have realised how it was used.

Hit counts don't count for much. Britney Spears is the highest in terms of web searches. I guess that means she beats both Mark and Gibson.

How dumb can you be?

[terjeber]

So, why would M$ (or anyone there) need to create such an elaborate "back door" to Windows? I mean, they could put anything in anywhere they wanted to. If they wanted to download some stuff to my PC and execute it they could distribute it as an update. They could add the code to IE or the kernel. This is one of the dumber conspiracy theories I have read.

Re:FIGHT! FIGHT! FIGHT!

[TarikJax]

When Gibson was asked about the WMF thing being a back door he immediately replied "that's the only explanation." To me, that's not the language of a man who is open minded. There's no evidence that this is a backdoor other than Gibson's accusation and that is based on a false premise (that the metafile size was the deciding factor).