Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS06-049 Causing Silent Data Corruption

Posted by ryuzaki0 on from the oh-who-wants-encryption-anyway dept.

Uncle Mike writes "It looks like there is a problem with the recently released MS06-049 / KB920958 patch. If you have compression activated on any folder, then the compressed data is at risk from corruption. New files that are close to a multiple of 4K in size will have their last 4,000 bytes or so overwritten with 0xDF. Although this problem has been reported to Microsoft, as yet there appears to have been no official announcement. "

5 of 205 comments (clear)

  1. How to avoid by neonprimetime · · Score: 4, Informative

    assuming you're using Windows

    It has been confirmed that either turning off the compression attribute (disk space permitting) OR uninstalling KB920958 will prevent further loss of data.

  2. Re:RAID by khang · · Score: 3, Informative

    wrong, RAID would just mirror the data corruption

    --
    -khang
  3. Re:How does something like this happen by something_wicked_thi · · Score: 3, Informative

    Oh, please.

    MS bashing is fun and all, but do you have any idea how a kernel works? Anything can step on anything else. An off-by-one error in a kernel can be catastrophic to any number of things. This one does sound suspicious, but keep in mind that the code that is failing is probably only peripherally related to the code that was patched. They say they patched a buffer overflow. Maybe the buffer was already being overflowed by the compression code and patching it caused the compression to break. That might explain why it's the last 4000 bytes or so in a file that's almost a multiple of 4K.

    The real question is why they didn't catch it in testing, especially with MS's extra-long patch process where they spend so much time testing (that is the current excuse for the months that pass between reports and patches, right?). Being "extra careful" does not save you from these types of bugs and being a programmer for as long as you have, you ought to know that being careful just doesn't cut it.

  4. More background please... by Chris+Pimlott · · Score: 5, Informative

    The summary blurb is rather cryptic. MS06-049 is a patch to... what? Just Windows 2000 or XP too? And this was a patch for some vulnerability, assumedly? Which?

    After a bit of research, here's what should have been included: MS06-049 was an elevation of privledge issue discovered in the kernel of Windows 2000 SP4 only. The patch for the issue, KB920958, appears to have a bug resulting in corruption of compressed folder.

    The title is misleading as well. MS06-649 is the issue and KB920958 is the patch; the patch is what's causing the corruption, not the original issue.

  5. Re:interesting by X0563511 · · Score: 3, Informative

    Well, if you look closely you find that this patch is for Windows 2000 SP4 only, and all other versions of windows are not affected.

    That does make a big difference, win2k is not MS' top priority.

    Not that I condone their delay or lack of forsight, however.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...