Microsoft's Urgent Patch Precedes Black Hat Session
Julie188 writes "Mystery solved! Microsoft's latest emergency out-of-band patch was weird beyond belief. A notice was sent to journalists and researchers late Friday evening that the patch was coming Tuesday, but Microsoft refused to explain the flaw and even put a cone of silence around researchers who would have otherwise talked about it. But finally, one researcher broke ranks and explained that the patch was caused by a flaw introduced in Microsoft's own development tools. This flaw was also the source of the emergency ActiveX patch, which took about 18 months to complete and which supposedly fixed the problem by turning off ActiveX (setting a 'killbit' on the control). Researchers at Black Hat on Wednesday will be demonstrating how to override the killbit controls and get access to vulnerabilities supposedly stopped with a killbit. What's really scary is that Microsoft has issued 175 killbit fixes so far."
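As an added defender-side check (not code from the story, the commenters, or Microsoft): a PowerShell script that lists which CLSIDs a Windows host currently blocks through the kill bit, so an administrator can verify that a kill-bit fix actually landed. It relies on the documented mechanism from Microsoft KB 240797, a `Compatibility Flags` DWORD with bit 0x400 set under the `ActiveX Compatibility` registry key; the function name is my own.

```powershell
# Added example, not code from the article or from Microsoft.
# Kill-bit mechanism as documented in Microsoft KB 240797: Internet Explorer
# refuses to load a control whose CLSID has a DWORD "Compatibility Flags"
# with bit 0x400 set under the ActiveX Compatibility key. On 64-bit Windows
# the 32-bit view lives under Wow6432Node, so both paths are inspected.
$KillBitFlag = 0x400
$Views = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBittedControls {
    # Hypothetical helper name. Returns one object per kill-bitted CLSID and
    # resolves the friendly name from HKCR\CLSID when the control is registered
    # locally (kill bits are often shipped for controls that were never installed).
    foreach ($view in $Views) {
        if (-not (Test-Path -Path $view)) { continue }
        foreach ($key in Get-ChildItem -Path $view) {
            $clsid = $key.PSChildName
            $flags = (Get-ItemProperty -Path $key.PSPath).'Compatibility Flags'
            if ($null -eq $flags -or ($flags -band $KillBitFlag) -eq 0) { continue }
            $name = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" `
                     -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                CLSID = $clsid
                Name  = if ($name) { $name } else { '<not registered locally>' }
                Flags = '0x{0:X8}' -f $flags
                View  = if ($view -like '*Wow6432Node*') { 'WOW64' } else { 'native' }
            }
        }
    }
}

# Reading HKLM needs no elevation; changing these values does, which is why
# a kill bit can only be undone by code that already runs as an administrator.
$controls = @(Get-KillBittedControls)
"{0} CLSIDs carry the kill bit on this host" -f $controls.Count
$controls | Sort-Object Name, CLSID | Format-Table -AutoSize
```

Compare the reported CLSIDs against the ones listed in the relevant Microsoft security bulletin to confirm the fix applied; a missing entry, or one whose flags lack 0x400, means the control is still loadable.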
> Microsoft refused to explain the flaw and even put a cone of silence around researchers
Those suck. My dog had to wear one of them for a week. Didn't shut him up but it sure stopped him from licking what used to be his balls.
My work here is dung.
To make a patch that simply turned off ActiveX? I better be misreading this...
After years of not using a signature, I am going to make one to say the following: Fuck Beta
When I hear about killbits, killbill comes in my mind. I don't know why though...
Until the skies turn blue...
Until the air of freedom strikes us...
Yes, ActiveX sucks, anyone who doesn't know this already has rocks in their head, but calling a patch "weird beyond belief"? MS gets wind of a security hole that might be really bad, patches it urgently.
Not only that but they patch it urgently for the 175th time. If that isn't urgent I don't know what is.
I don't know of any other OS company that's that focused on security that it patches the same kind of thing that many times: "We have to make sure, the security of our users is important to us!"
Now that's dedication!
May contain traces of nut.
Made from the freshest electrons.
I've always been baffled by Microsoft marketing's insistence that ActiveX is pronounced "active" with the "X" silent. I've never met anyone who didn't pronounce the technology "Active-X".
Considering all the exploits it's made possible, I call it hActive-X.
Free Martian Whores!
Doesn't sound like a bad tactic to me.
...
*Haxx0r ur world con 2009*
Today I will demonstrate on this stage a vulnerability that MS have known about for a year! I will show off an attack that will give me control of any system!
*opens IE and visits the site with his exploit*
*nothing happens*
*becomes aware of the sound of crickets and 2000 people in the audience*
As a Windows repairman, I'll let you in on a little secret: You wanna know why Windows gets exploited and Linux don't? You really wanna know why? The answer is simple: PEBKAC, that's why. Linux guys just aren't gonna run email spam attachments, Hot_Lesbos.mp3.sh, or any of the other truly fucking dumb things Windows users will do. Since I believe in good storytelling examples, I'll tell you a true story. Meet Velma.
This is little Velma, who works at an insurance company. Say hi, Velma (Hi Y'all!). Isn't she sweet? Everybody just loves little Velma. But here in the Windows repair biz we have a name for little Velma, and it is....dum dum dum....The disaster area! Because you see, little Velma has a BFF Kim, who is what we in the Windows repair biz call a "click whore" in that she will click on ANYTHING. Spam attachments, dubious screensaver programs, adware, you name it, Kim will click it. And Velma trusts her BFF Kim, because they go on vacation together and anything bad from Kim must be a trick, because Kim wouldn't do that. So let's see an actual interaction between the gruff but lovable local repairman hairyfeet and Velma, shall we?
/feet/ Velma, that is a password-protected email attachment. That is a virus, do NOT open and run that! /Velma/ Ohh...you worry too much. It is from my BFF Kim, see her name on there? And it says it is happy puppy pictures. Who doesn't like puppies? /feet/ Velma, it is telling you to turn off the AV before running and the file is happy_pup.jpg.exe. Do NOT turn off the AV and run that or you will bone the machine! It is a bug! /Velma/ Ohhh you....go drink some decaf. My BFF Kim would never do that to me.../turns off AV, runs program. Porn popups start spewing and network crashes/ /Velma/....Oops.....but it must be a trick! My BFF Kim wouldn't do that! /feet/..........
And there you have it, an actual infection of an actual Windows user. Could MSFT have done anything to stop it? Short of giving Velma a thin client with no install capability, no. And don't worry, Linux guys! If you manage to lure Velma and all her PEBKAC friends to your OS, I'm sure your friends at the Russian Business Network and their friends in China and Nigeria will be cooking up "Happy_pup.jpg.sh" with nice easy-to-follow instructions so Velma and her friends can turn Linux into a virus-laden whore, just like Windows! Won't that be nice?
ACs don't waste your time replying, your posts are never seen by me.
> Microsoft has issued 175 killbit fixes so far.
So, how many kilobytes of killbits is that?
Returned Peace Corps IT Volunteer
Sure, it's easy to disable killbits if you have the ability to run code on a windows system. But if you've already reached the point of running arbitrary code on a windows system, why would you go through the trouble of disabling a kill bit and then hope that the ActiveX control gets exploited so that you can... run code on a windows system? Think about it.
> I bought a Mac with 10.4 and haven't spent
> a dime since then for OS updates. i.e. Cheap.
Alright, I am now officially tired of this "whose upgrades are cheaper" argument between the Mac and Windows folks, so listen up:
I got a CheapBytes Debian CD in 1998, and updates are always free. That makes my total cost something like six bucks, including shipping, in eleven and a half years, which averages out to fifty-some cents per year.
So everyone who spends more than a dollar a year on software can just SHUT UP about how cheap their option is, okay?
Cut that out, or I will ship you to Norilsk in a box.