Microsoft Finally To Patch 17-Year-Old Bug

eldavojohn writes "Microsoft is due for a very large patch this month, in which five critical holes (that render Windows hijackable by an intruder) are due to be fixed, in addition to twenty other problems. The biggest change addresses a 17-year-old bug dating back to the days of DOS, discovered in January by their BFF Google. The patch should roll out February 9th."

Nothing quite like a "timely" response

[msobkow]

How in the world can a bug exist for 17 years when they've released so many versions of Windows in that time? Hasn't the kernel been revamped three times? (Win98/ME, WinNT/Win2K/WinXP, Vista/7)

Re:Nothing quite like a "timely" response

[bheer]

> Windows 3.1 - 7 are often based on the same code set.

You, sir, do not have the vaguest idea of what you are talking about.

> to get into windows 3.1 you need to type in "win" at the DOS window.

I thought for a moment you meant Windows *NT* 3.1 - 7, but ... it's clear that you didn't mean that.

FWIW, this bug affects all NT OSes right back to NT 3.1 (the first released version) and is an obscure kernel bug (it was only found in January 2010!). The BBC article was light on details except to say it "involves a utility that allows newer versions of Windows to run very old programs", but there's more detail from the always-excellent full-disclosure mailing list.

Re:Nothing quite like a "timely" response

[noisyinstrument]

If I had got a dollar for every time I had to correct someone for RAS syndrome style mistakes I'd never have to visit an ATM machine again.

Idiots!

Re:Nothing quite like a "timely" response

[symbolset]

Windows 7 is very much still built on the NT codebase.

You lie! Longhorn (Vista, Server 2008) was built from the ground up. Microsoft told me so!

They wouldn't lie to me. <sniff>

Re:Nothing quite like a "timely" response

[symbolset]

I've known about this bug for many years - it's one of a few that date back to my college days when I had a scholarly interest in such things. Back then I used to haunt the dark corners of the Internet where these things were good for a laugh. Now they're good for a quarter million dollars because GO's haunt the dark corners now and they pay good money, and only now are ones like this coming out in common knowledge. You may be sure that if you're a high value target you've been exploited this whole time and that's why your competitors mysteriously beat you to market, or how knockoffs appeared more suddenly after your innovation than reverse engineering would allow.

What's absurd is that there are hundreds more just in the core OS. Go to apps and WMP doesn't have a streaming format that doesn't have pwnership, and let's not even talk about IE. Then there's all the forgotten formats and services, each with its vestigal exploits that still work. And then there's Office. Good Lord, as if providing multiple Turing machine capable development environments were not enough, every app includes embeds for hundreds of formats that can hose any machine that opens a document, and for each of those there's a Microsoft-only undocumented interface that's truly trusted to be exploited, because that's how they roll. And one of those apps is an email client - think about that for a bit.

Each fix only adds to the problem. Even if the patch doesn't add new exploits (most do) most people don't patch, and half of the few who do patch slowly to avoid incompatibilities. In the meantime the patch gives clues to the amateurs on which features to exploit. For 90% of systems you only need to pwn it once and leave some obvious malware and the idiot running it will clean it and think it's all good. So the smart black hat builds a database of servers running Windows he can get at from his previously Pwned boxes (yes, some of them are probably inside your firewall and most but not all of them are clients) and crafts a package to pwn the rest of your network and if necessary leave some cleanable traces. The truly nefarious black hats exploit the patching system itself - of course it has exploits and hidden hooks too.

Each rewrite leads to new problems. In 2008 how the hell do you write a server OS that hangs on a bad packet on the file sharing service? That's not what Bill promised us in 2002. In six years they couldn't even get that right? That's your clue that they're not even trying or at least they're not able. At the very least they're struggling just to copy a file as if that were a new requirement.

You would think with the billions they have to throw away on XBox and Pink, from Bing to Zune, Microsoft could afford to hire a few Pakistani code geeks to haunt the dark corners and report what they find written on the wall there. They're getting rid of their profits but they're not doing it well. You would think code security audits would extend to the historical catalog of code, but no... that group has enough to do just vetting this month's patches, let alone the output of the dev teams. I imagine the rest of them are building Bing interfaces into Yahoo's services as if they had a hope in hell of getting us to use Bing. For sure they're not throwing a ton of quality code geeks into saving their butt on WiMo 7. Fixing bugs widely known in the Underground that consumers like you don't know about? That's a 0 priority task.

Windows shops: not only are we laughing at you - we always have and we always will. You poor bastards.

Not discovered in January

[WD]

Tavis disclosed the ntvdm vulnerability in January, however it was reported to Microsoft on June 12, 2009.
http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

Cicada bug?

[nicknamenotavailable]

Let's call it the Cicada bug.

A Cicada has a life-cycle of 17 years.
Now Microsoft is about to squash it.

"Finally"?

[holygoat]

Isn't it a little disingenuous to say "finally" when the bug was discovered last month?

That it was introduced 17 years ago doesn't mean that Microsoft has been tardy about fixing it...

Re:"Finally"?

[Nimey]

It was reported to MS in the middle of last year, and the bug's discoverer made it public last month after Microsoft still hadn't fixed it.

Re:This is great news!

[Obstin8]

Sorry man, you're posting a comment that just proves you're way too old to be commenting on /.

First, most of the current batch of MCSEs (is that acronym still allowed?) will be replying to you asking for the 800 number for Dr. Dos. I suggest you send them to the Dr. Who site.

Second, your reference to an obscure company called Digital Research will confuse the weenies. DRI.COM now resolves to a site for Colburn's Travels. It appears Mr. Colburn has achieved more mileage from the site than DRI ever did. Check the stats.

Lastly, you're really confusing people with the whole concept of a 'spurious' error. Microsoft has - through the determined, repetitive, and consistent application of "innovation" - eliminated all spurious errors from the code-base. All errors are now completely intentional, rational and self-explanatory. Click here for more information. :)

Re:oldest bug evar... and other leet speechisms

No wonder BSD is dying.

I'm guessing you know this

[symbolset]

No, That's Windows 7 by itself. Office is 3GB extra.

The cited DSL fits in 64MB, all things included.

Damn Small Linux is small enough and smart enough to do the following things:

• Boot from a business card CD as a live linux distribution (LiveCD)
• Boot from a USB pen drive
• Boot from within a host operating system (that's right, it can run *inside* Windows)
• Run very nicely from an IDE Compact Flash drive via a method we call "frugal install"
• Transform into a Debian OS with a traditional hard drive install * Run light enough to power a 486DX with 16MB of Ram * Run fully in RAM with as little as 128MB (you will be amazed at how fast your computer can be!) * Modularly grow -- DSL is highly extendable without the need to customize

It includes three browsers, document processing, email, spreadsheet, VOIP, and a lot more.

The smallest pendrive I've ever heard of is the 64MB USB 1.0 device I'm holding in my hand right now that I bought my wife more than a decade ago. I paid $79 for it at Fred Meyer, because tech stores wouldn't carry it. Actually, there were 16 and 32MB versions of this, but let's not go there because this was the Windows 95 era.

I am on the record as stating that we've had no productivity increases since the advent of Windows. Let me quote from a wise man:

"Word processing was a solved problem in 1984. By 1987 spreadsheets had all the functions a normal person would ever use. Databases took a little longer, but by 1990 that was sorted. An infant could have been born that day and by now would be almost of age to vote and we've seen no real improvement in productivity since."

64MB is 0.32% of 20GB.

So let me ask you: If the Office team needs 3,000 MB to install their full application set, what can they do with 30MB - 1% of that? Splash? Can they even do that?

Re:Maybe I'll have to take your word for it?

[redalien]

Yeah? Well my dick's smaller than yours!