Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS06-049 Causing Silent Data Corruption

Posted by ryuzaki0 on from the oh-who-wants-encryption-anyway dept.

Uncle Mike writes "It looks like there is a problem with the recently released MS06-049 / KB920958 patch. If you have compression activated on any folder, then the compressed data is at risk from corruption. New files that are close to a multiple of 4K in size will have their last 4,000 bytes or so overwritten with 0xDF. Although this problem has been reported to Microsoft, as yet there appears to have been no official announcement. "

25 of 205 comments (clear)

  1. interesting by Intangion · · Score: 5, Insightful

    its interesting how when they make a patch that corrupts your data you dont hear anything from them.. but when someone makes a program to allow fair use by opening DRM on their movies they come up with a CRITICAL patch within ours to prevent it. i think that speaks to their priorities, protecting their drm IMPORTANT protecting your data hmm.. not so important

    1. Re:interesting by deadlinegrunt · · Score: 3, Funny

      "...Have you read the EULA? Well, neither have I actually..."

      Are you this person by chance?

      --
      BSD is designed. Linux is grown. C++ libs
    2. Re:interesting by exclusive_lock · · Score: 3, Funny

      As the late Steve Irwin would say: "CRIKEY!".
      You're right, I should've known that venomous EULA would turn right back and bite me (and all Microsoft customers) in the rear.

      "Satisfaction Guaranteed!"*



      * The term "Satisfaction" and "Guaranteed" are used only for illustration purpouses in a figurative, subliminal manner.
      Enlarged to show texture. Serving suggestion.
      As a matter of fact, no satisfaction guaranteed whatsoever, by any means.
      Reading the words "satisfaction" and "guaranteed" above certifies you accept this disclaimer, its terminology, grammar and syntax errors as the single source of truth given to us by the Flying Spaghetti Monster.
      By the way, why are you reading down here? Our legal department wants to know who reads this stuff (and sue them).
      Don't bother to ask "Who is it?" the next time someone knocks at your door, it's them.

    3. Re:interesting by X0563511 · · Score: 3, Informative

      Well, if you look closely you find that this patch is for Windows 2000 SP4 only, and all other versions of windows are not affected.

      That does make a big difference, win2k is not MS' top priority.

      Not that I condone their delay or lack of forsight, however.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  2. A Paradox... by __aaclcg7560 · · Score: 4, Funny

    If data is being silently corrupted, is there a problem if no one can hear it? That could explain Microsoft's silence.

  3. How to avoid by neonprimetime · · Score: 4, Informative

    assuming you're using Windows

    It has been confirmed that either turning off the compression attribute (disk space permitting) OR uninstalling KB920958 will prevent further loss of data.

    1. Re:How to avoid by PFI_Optix · · Score: 5, Funny

      "assuming you're using Windows " ...if you're using Linux, the process is far more complex. Got a Mac? You're screwed.

      --
      120 characters for a sig? That's bloody useless.
    2. Re:How to avoid by CosmeticLobotamy · · Score: 4, Funny
      I wish I had one of those cute ASCII graphics of a circle going over a tiny guy's head handy. I'll try to make my own, but I'm probably gonna screw this up.


      0
      ----
      | <-You
      /\

      o <-Joke


      ... Crap.
  4. RAID by Karma+Farmer · · Score: 3, Funny

    As is often pointed out on slashdot, this is why it's so important to have a good backup plan. Like most slashdotters, I recommend RAID.

    1. Re:RAID by khang · · Score: 3, Informative

      wrong, RAID would just mirror the data corruption

      --
      -khang
  5. what i think by robpoe · · Score: 4, Funny

    Well, it's interesting that 0xDF0xDF0xDF0xDF0xDF0xDF0xDF0xDF0xDF0xDF0xDF0xDF0x DF0xDF0xDF0xDF0xDF0xDF0xDF

    --
    = Grow a brain...
    1. Re:what i think by Stavr0 · · Score: 3, Funny
      I agree, some other people have meßßßß . . .

      Oh, that explains it: it's a beta patch.

      ß / 0xDF is &szlig ; or Esset. So the article is incorrect, the last bytes are overwritten with random data in the form of white noise. "ßßßßßßßßßßßß" is pronounced "ssssssssssssssssssssssssss". OMFG!11! SNAKES ON A PLATTER!

  6. Re:How does something like this happen by avalys · · Score: 5, Insightful

    If you really have been programming for a long time, you must only be writing very simple programs if you've never had something like this happen, and you think that being "extra careful" is all you need to do to avoid it. What type of programmer does this? Every type of programmer - it's unavoidable.

    The programmer is not to blame here. The real question you should be asking is "What type of QA department fails to catch a bug like this?"

    --
    This space intentionally left blank.
  7. Re:How does something like this happen by something_wicked_thi · · Score: 3, Informative

    Oh, please.

    MS bashing is fun and all, but do you have any idea how a kernel works? Anything can step on anything else. An off-by-one error in a kernel can be catastrophic to any number of things. This one does sound suspicious, but keep in mind that the code that is failing is probably only peripherally related to the code that was patched. They say they patched a buffer overflow. Maybe the buffer was already being overflowed by the compression code and patching it caused the compression to break. That might explain why it's the last 4000 bytes or so in a file that's almost a multiple of 4K.

    The real question is why they didn't catch it in testing, especially with MS's extra-long patch process where they spend so much time testing (that is the current excuse for the months that pass between reports and patches, right?). Being "extra careful" does not save you from these types of bugs and being a programmer for as long as you have, you ought to know that being careful just doesn't cut it.

  8. Re:How does something like this happen by CosmeticLobotamy · · Score: 4, Funny

    What type of programmer puts such possibilities or leaks in a program?

    Every programmer that's ever worked on something longer than 6 or 7 lines of code? Except you, of course. I've been in the bathroom after you and am always impressed by the way it smells just like roses.

  9. More background please... by Chris+Pimlott · · Score: 5, Informative

    The summary blurb is rather cryptic. MS06-049 is a patch to... what? Just Windows 2000 or XP too? And this was a patch for some vulnerability, assumedly? Which?

    After a bit of research, here's what should have been included: MS06-049 was an elevation of privledge issue discovered in the kernel of Windows 2000 SP4 only. The patch for the issue, KB920958, appears to have a bug resulting in corruption of compressed folder.

    The title is misleading as well. MS06-649 is the issue and KB920958 is the patch; the patch is what's causing the corruption, not the original issue.

  10. Those files were important. by Anonymous Coward · · Score: 3, Funny

    Those files were important! Sheißßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß

  11. When you have a monopoly by Colin+Smith · · Score: 4, Insightful

    What're your customers going to do?

    --
    Deleted
    1. Re:When you have a monopoly by Tackhead · · Score: 5, Insightful
      > When you have a monopoly
      >
      > What're your customers going to do?

      The guy at the keyboard of a Windows Vista box, using Microsoft Office at work, and Windows Media Player at home is not the customer, he is the product. The customers are Dell, AOL, media licensing conglomerates, and so on.

    2. Re:When you have a monopoly by theCoder · · Score: 3, Insightful

      That may be accurate for televion broadcasts, but it isn't so for Microsoft. Customers are people who pay for services. AOL and the media companies aren't paying MS anything, other than licensing fees for the services they use from Microsoft (i.e., their Windows PCs). Microsoft is paid by the guy at the keyboard of the Windows box (or his employer).

      Microsoft may be able to leverage all those customers into a product for another customer (such as advertising or licensing DRM solutions), just like the movie theater leverages their movie watching customers into a product for advertising. Until Windows is free (as in beer), the guy using Windows is a still a customer.

      --
      "Save the whales, feed the hungry, free the mallocs" -- author unknown
  12. Re:How does something like this happen by theshowmecanuck · · Score: 3, Insightful

    Made me think of Grannies Perls of Wisdom I read on Java Ranch (I first found it about 6 or 7 years ago...): "Testing can show the presence of bugs, but not their absence."

    --
    -- I ignore anonymous replies to my comments and postings.
  13. Re:If the RIAA et al subpoena you by godefroi · · Score: 3, Insightful

    Hopefully that's a joke. Pretty much nobody would put music on a compressed drive, as nearly ALL of the music formats in common use today are compressed. Rather heavily. Those music formats that aren't don't compress very well anyway.

    Additionally, the thought that MS would release a patch that intentionally corrupts data is unthinkable, for ANY corporation. The civil (and possibly criminal, who knows) liabilities would be ENORMOUS.

    --
    Karma: Poor (Mostly affected by lame karma-joke sigs)
  14. Re:How does something like this happen by Rashkae · · Score: 3, Insightful

    Maybe you should ask Linus... I seem to remember a released stable kernel that neglected to sync file systems before shutting down.....

    I love Linux, hate Windows, but point it, sh!t happens.

  15. Re:You can stop now by 0xABADC0DA · · Score: 4, Funny
    I hate to burst your bubble, but you did not check the return code from printf. What if stdout is closed, as in "./a.out >&-"?

    Original troll never writes any bugs, so his hello world is more like this:
    int main(int czArgCount, LPSZ *lpszArgv[]) {
        if (-1 == printf("Hello world!\n")) {
            if (errno == EBADF) {
                if (-1 == fprintf(stderr, "Error stdout closed!\n")) {
                    int fdTty = open("/dev/tty", O_WRONLY, 0666);
                    if (fdTty != -1)
                        write(fdTty, "Hey dumbass dont close my streams\n", 34);
                }
            }
            exit(1);
        }
        exit(0);
    }
  16. Re:How does something like this happen by Rob+Kaper · · Score: 4, Funny

    Plus, why would you pad with 0xDF instead of null? (There might be a reason, but I don't know of it.)

    So this is how Microsoft claims support for ODF. Clever.