Just when you thought the insanity was over, researchers claim that two new WMF exploits (along with proof of concept code) have been identified in the wild. This news comes just days after Microsoft released an ‘out of cycle’ patch for a newly discovered WMF exploit. The new flaws affect fully patched versions of Windows 2000, Windows XP (SP2 included) and Windows Server 2003.
No big surprise.
Hopefully Microsoft will patch those way faster than last time.
I’m not sure how it gets much faster than last time, unless you just create a hacked up patch and toss it out there without testing it.
While it doesn’t take long for them to create a patch, testing isn’t a five second process.
“I’m not sure how it gets much faster than last time”
Someone takes it more seriously this time around. You honestly can’t be telling me that a company as big as Microsoft needs that long to patch a problem in the very same code that they’ve only just finished working on fixing days earlier.
“Response speed
Microsoft’s fix for the flaw was the quickest turnaround ever for a Microsoft patch, released only 10 days after the vulnerability was made public,”
http://news.zdnet.co.uk/0,39020330,39246273,00.htm
Considering the easy exploitation and the severity of the flaw, 10 days is just too long.
Not only is 10 days too long, it is an embarrassment!
Says something about how bad the codebase is
Nor is it a two week process. There is not enough time for that.
Better the system is broken because of the fix than the system being broken because of the exploit.
hopefully they’ll just remove WMF support
Browser: w3m/0.5.1
I still don’t know what WMF was good for in the first place.
But was that privately made patch by Ilfanov(?) also circumvented by these 2 new exploits?
This patch disables execution so you shouldn’t worry!
…this would be hilarious!
This is sad for MS to get a black eye twice within one patch period. What normal user is going to actually use something like a hypertext application (.hta file)? Files like this should default to open in notepad or wordpad and the world would be a safer place. That is one of the first things I do on any windows box I am forced to install.
A Microsoft spokesperson insists the publicly released code can simply cause a denial-of-service crash.
So no executing malicious code. But still, crashing that browser/mail client can be pretty annoying. These new exploits also beg the question what’s next. Obviously hackers went looking after the last vulnerability was found and came up with these two in a very short time indeed.
Of course MS may still exploit the situation by using these holes to promote Vista as an upgrade that is also an investment in security, but that could blow up in their face if Vista proved just as insecure.
When are people going to realize that Windows just SUCKS! LOL!
Every other day, this is crazy!
The thing that came to mind this morning on this issue is the fact that these holes have been in Windows forever and ever! When is the last time Microsoft put out a major update to any of their OS’s?
People talk about security problems in Linux, yet most versions of Linux are ongoing works in progress and still don’t have the holes that Windows has! I mean you would think that these problems were in something new but they have been there just waiting to be found!
Ridiculous!
… grow the eff up and stop trolling.
Any software approaching the complexity of Windows is bound to have obscure security holes that could go undetected for years.
Please? Hummmmmm, the WMF hole goes all the way back to the first versions of Windows! It wasn’t complex then!
On top of that Windows is no more complex than the Mac OS, some versions of Linux and all the major versions of Unix.
Give me a break! Facts are facts! Windows is crap!
And like I said before it would be one thing if like everyone else they were putting out stuff on a regular, but 2000 has been out for 6 years and XP for almost 5 and yet week after week after week new problems crop up in the same ole code!
Flaw in your argument: at the time of early Windows, the Internet wasn’t the same as it is now, and these kinds of security holes weren’t as important as they are now, if any awareness existed at all then.
MacOS probably has a different code for WMF, if any; same applies to Linux/Un*x.
Even as I think that MS Windows is still quite “crappy”, I also think Microsoft has made great strides on last versions (2k and XP), and a genuine effort to make it more secure, as shown by the results of XP SP2 and the time they took to launch a patch to the 1st WMF flaw. So, some credit where it is due.
You’re right on one point, though. If the code had been properly written and checked then, it would have a lot fewer vulnerabilities.
Man, with 50 Billion in the bank, they should be sellin the fort knox OS. LOL!
But we are talking about a 15 year old hole! And they are just finding it? I mean it was there in Windows 95 which was 11 years ago. (And that was internet ready!)
The sad part is that MS doesn’t really open their code, yet OTHER people keep finding the holes! LOL!
The difference is how long it takes to solve them and how often they occur on Windows.
Windows isn’t the only complex system in the world. It’s just designed to be unsafe, and this is why Microsoft is fighting so hard.
ActiveX is an example of technology – developed when security was a must – and still being extremely unsafe.
There are other systems in this world equally complex as Windows without the same amount of security holes.
Linux — The ever-lastingly-in-Beta operating system. No sh*t it’s a work in progress — always has been, always will be.
I like my releases final, thanks.
You like yours George Bush style, where they tell you 2 years before the war is even half way done that the mission is complete and like with Windows they are still working and still fixing and still fighting. LOL!
The funny part is the “beta” os keeps Bill Gates up at night trying to figure out if XP runs faster on old hardware than the “Beta” os. LOL!
Based on his comments I’m pretty sure he’s a Mac user, I don’t think I’ve seen any mention of him using Windows.
If you are talking about Linux is Poo, then you are almost correct.
He is primarily a Mac OSX user, however he also uses Windows and Linux.
Or so his previous posts would have you believe.
LOL! I’M A RETARD LOLOL
We already knew that
All maintained software is in progress. And Linux (the kernel) isn’t beta.
GNU/Linux systems aren’t beta either. No more than Windows 2003 Server is beta or Mac OS X is beta (well, the latter one is still at alpha stage).
Heh, an alpha that is more usable, prettier, and more stable than any other Linux desktop. What does that say about Linux + KDE/GNOME?
As long as the developers keep playing around with 2.6 like it’s a playground sandbox, I will always consider it an ever-lasting beta.
It’s the kernel then.
The kernel is under constant development as is the kernel in most OS’es.
You do not have to upgrade the kernel to get full functionality from a GNU/Linux system. Usually the kernel is pretty much unimportant in that regard. So if it’s in beta stage it’s because you chose to put it in beta stage. Besides that each kernel revision has its own level of development. Like 2.6.x.y and the higher y is the more stable it is (usually).
Do like me. Don’t update unless you really need it.
The fact that software is constantly being updated does not equal being in beta stage.
And no. Mac OS X is not prettier, nor more stable. Usability however, I’ll grant you that one (with the exception of a few bugs in the desktop implementation).
OS X *is* prettier in most cases than most Linux installations, and it *is* more stable. There have been countless times that I have seen a component of KDE/GNOME crash or become unresponsive. Hell, a friend of mine even demonstrated an easily-reproducible bug with a GNOME toolbar from the latest “stable” release — dragging some kind of non-file/folder icon onto a toolbar completely froze GNOME consistently each and every time.
I have been using OS X for a solid 5 months, and the only crashes or freezes I have experienced were with the Finder looking for a network drive that was no longer available.
Oh please… no flame wars yet OK?
“So no executing malicious code. But still, crashing that browser/mail client can be pretty annoying.”
Well on heise.de they came up with this:
If the WMF “only” crashes the application showing it, but doesn’t allow execution of code, this could still be dangerous. Imagine a user downloading such a WMF to the Desktop (the default setting in most browsers) this would cause explorer.exe to show this WMF, making it crash, which basically makes the whole desktop & the taskbar crash. explorer.exe will automagically be restarted, showing the WMF on the desktop again, crashing again … You’d end up with a pretty useless computer probably.
Tom
“Imagine a user downloading such a WMF to the Desktop (the default setting in most browsers) this would cause explorer.exe to show this WMF, making it crash, which basically makes the whole desktop & the taskbar crash. explorer.exe will automagically be restarted, showing the WMF on the desktop again, crashing again … You’d end up with a pretty useless computer probably.”
Well that’s fixable with Knoppix or something like ERD Commander ( http://www.winternals.com/Products/AdministratorsPak/ ), one of either should be in every computer user’s recovery toolbox. Basically boot from CD, delete file and you’re done, annoying but definitely not as dangerous as the first exploit.
“Well that’s fixable with Knoppix or something like ERD Commander ( http://www.winternals.com/Products/AdministratorsPak/ ), one of either should be in every computer user’s recovery toolbox. Basically boot from CD, delete file and you’re done, annoying but definitely not as dangerous as the first exploit.”
Well, that’s all well and good for more savvy users (who are least likely to be hit), it is not a viable solution for the majority of computer users. Most users are at the limit of the comfort zone using their standard apps. Expecting them to be able to (or want to) fix their OS when things go wrong is expecting too much. Just like everyone that drives a car is not a mechanic, everyone that uses a computer is not a tech.
“Well, that’s all well and good for more savvy users (who are least likely to be hit), it is not a viable solution for the majority of computer users. Most users are at the limit of the comfort zone using their standard apps. Expecting them to be able to (or want to) fix their OS when things go wrong is expecting too much. Just like everyone that drives a car is not a mechanic, everyone that uses a computer is not a tech.”
I don’t believe explorer would even render the WMF on the desktop. It would instead show whatever icon is associated with WMF files. However, if it did actually render the file, you don’t need Knoppix or other 3rd-party tools to fix this. You can use cmd to go to the desktop and delete the file or move it to another directory. You could also open Task Manager and do the same from its “New Task (Run…)” dialog. There are a few possible ways of doing this as well using just what is available in the OS.
The overall scenario also discounts that such exploits would likely be stopped by AV/AS software if it is on the system and up to date, just as it did with the previous exploits.
Edited 2006-01-10 19:10
Come on, people, do not make a case out of this thing. Who needs all these tools here?
You have an infinite loop of Explorer.exe crashes due to a file… what’s the problem?
Ctrl-Alt-Del (or Ctrl-Shift-Esc) fires up Task Manager; select New Task, run cmd, enter the file path, enter the del or erase command for the file. Then New Task explorer.exe and all is done!!!
For Linux fanboys: do you forget how unstable Gnome and KDE are???
Then you just log in as Administrator and delete the offending file from the “Desktop” directory in the said user’s profile. Um…unless you happen to be doing your web browsing as Administrator. In that case write this off as a lesson learned and a fine opportunity to play with a Linux live CD (as the other reply suggested) to fix the problem (hmmm, do I sense irony here?). Although this could be a royal PITA if somebody got an offending Email in Outlook and had the Preview pane enabled (heaven help us all). Crash…re-open Outlook…crash…ad nauseam. Forced removal of the entire offending .pst I guess.
“Well that’s fixable with Knoppix or something like ERD Commander”
Yeah definitely but can you imagine an average Windows user doing this? I’m afraid 80% of all users would be stuck if this happened to them.
Tom
Personally I just ignore all the *Suck’s and *Poo’s on this site. I wish more people would do so, as fewer threads (what is the appropriate term here?) would turn into flamewars then.
Perhaps a nice proofreading script that deducts a point from the post for every *Suck, *Poo, or similar. At least we’d see some more inventive insults!
Nope I disagree. If you actually look at the userpage of Windows Sucks, you will see he is voted up more than he is voted down. This means he does make valid points.
If you were to automagically mod them down, you would miss the odd gem.
Censorship is too f–king gay
You mean the voting goes on merit? Hey – I never noticed that! – Wow! Thanks for enlightenment!
biteydog by name – biteydog by nature
(Edit) Just excuse me – brainburn from spending a couple of hours rebuilding a Windows XP box for a client who was .wmf***ed – and I haven’t touched a Windows machine since W98.
Edited 2006-01-11 10:44
http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx
They had already identified these new “holes”, so I don’t see what the big issue here is.
While it must be rather embarrassing for Microsoft to have another WMF related flaw appear so quickly, it shouldn’t be that surprising. This is not because Microsoft is bad at what they do, or because Windows is a fundamentally flawed OS. It is simply because WMF is like a scripting language for Windows GDI calls.
This means that patching WMF issues requires updates to and analysis of the implementation of the GDI API. This API has hundreds of calls, and probably tens of thousands of lines of code implementing it. I wouldn’t be surprised if the patch to the last WMF flaw was in a completely separate portion of the GDI from the portion that has this flaw. I also won’t be surprised if several more flaws of this nature are found and patched in the next few months. The result of all of this fixing will be a much more stable GDI, which is hardly a bad thing.
In any case, this issue will not become a real problem until someone comes up with a way to cause malicious code to execute rather than just crashing the application. Most malware these days is written for profit, rather than annoyance. Malware typically is written so that the distributor can use their victims’ machines for DDoS extortion, spam distribution, or other unpleasant activities. In order for this flaw to be useful in this manner, the malware author must be able to cause a machine to execute code. My hope is that Microsoft will have this patched before malware appears which uses this particular attack vector.
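An added illustration of the comment above (not part of the original post and not Microsoft's code): a WMF file is a header followed by records that each name one GDI call, so a reader of the format has to bounds-check every record size before acting on it. The function numbers come from the published WMF format; `list_records`, `build_sample` and the sample bytes are constructed for this example.

```python
import struct

# Subset of WMF record function numbers and the GDI call each one replays.
GDI_CALLS = {
    0x0000: "META_EOF", 0x012D: "SelectObject", 0x020B: "SetWindowOrg",
    0x020C: "SetWindowExt", 0x0213: "LineTo", 0x0214: "MoveTo",
    0x02FA: "CreatePenIndirect", 0x041B: "Rectangle", 0x0626: "Escape",
}
PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable header


def list_records(data):
    """Return [(gdi_call, parameter_words)]; raise ValueError on malformed input."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        off = 22
    if len(data) < off + 18:
        raise ValueError("truncated header")
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        raise ValueError("not a WMF header")
    off += 18
    records = []
    while True:
        if len(data) < off + 6:
            raise ValueError("record header runs past end of file")
        size_words, func = struct.unpack_from("<IH", data, off)
        # Each record is at least 3 words (size + function) and must fit in the file.
        if size_words < 3 or off + size_words * 2 > len(data):
            raise ValueError(f"bad record size {size_words} at offset {off}")
        params = struct.unpack_from(f"<{size_words - 3}H", data, off + 6)
        records.append((GDI_CALLS.get(func, f"unknown 0x{func:04X}"), params))
        if func == 0x0000:
            return records
        off += size_words * 2


def _rec(func, *params):
    return struct.pack(f"<IH{len(params)}H", 3 + len(params), func, *params)


def build_sample():
    """Constructed sample: set up a 100x100 window and draw one rectangle."""
    body = (_rec(0x020B, 0, 0) + _rec(0x020C, 100, 100)
            + _rec(0x041B, 90, 90, 10, 10) + _rec(0x0000))
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, 7, 0)
    return header + body
```

Running `list_records(build_sample())` lists the GDI calls in playback order; a record whose declared size is zero or runs past the end of the file is rejected instead of being followed.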
Funny news day today.
I don’t know about you people, but both Firefox and IE have been crashing a few times the last 7 days on one of the computers I work on. It was like port 80 just got blocked until I rebooted.