Microsoft finally patches 17-year-old bug

February 5, 2010 by Paul Spoerry 1 Comment

A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

The February update for Windows will close the loophole that involves the venerable DOS operating system.

First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as “critical”.

Home hijack

The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run programs that date from the DOS era.

Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.

The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.

As well as fixing holes in many versions of Windows, the update also tackles bugs in Office XP, Office 2003 and Office 2004 for Apple Macintosh machines.

The bumper update is not the largest that Microsoft has ever released. The security update for October 2009 tackled a total of 34 vulnerabilities. Eight of those updates were rated as critical – the highest level.

In January 2010, Microsoft released an “out of band” patch for a serious vulnerability in Internet Explorer that was being exploited online. The vulnerability was also thought to be the one used to attack Google in China.

Following the attack on Google, many other cyber criminals started seeking ways to exploit the loophole.

Also this week, a security researcher has reported the discovery of a vulnerability in Internet Explorer that allows attackers to view the files held on a victim’s machine.

Microsoft has issued a security bulletin about the problem and aims to tackle it at a future date. At the moment there is no evidence that this latest find is being actively exploited online.

4GB Memory Limit In 32-Bit Windows is Bogus

August 26, 2009 by Paul Spoerry Leave a Comment

Geoff Chappell published an article explaining how the 4GB memory limit for 32-bit Windows (he is writing mainly about Vista) is more of a licensing preference than an architectural limit. The article outlines how Chappell unlocked his system to use all the memory that is present, but cautions that such hackery is ill-advised for several reasons, including legal ones.

“If you want [to be able to use more than 4GB in Vista] without contrivance, then pester Microsoft for an upgrade of the license data or at least for a credible, detailed reasoning of its policy for licensing your use of your computer’s memory. … [C]onsider Windows Server 2008. For the loader and kernel in Windows Vista SP1 (and, by the way, for the overwhelming majority of all executables), the corresponding executable in Windows Server 2008 is exactly the same, byte for byte. Yet Microsoft sells 32-bit Windows Server 2008 for use with as much as 64GB of memory. Does Microsoft really mean to say that when it re-badges these same executables as Windows Vista SP1, they suddenly acquire an architectural limit of 4GB? Or is it that a driver for Windows Server 2008 is safe for using with memory above 4GB as long as you don’t let it interact with the identical executables from Windows Vista SP1?”

Read the full article here.

Microsoft WordPress Installer?

October 15, 2008 by Paul Spoerry Leave a Comment

Who would have thought… but the new Microsoft Web Platform Installer is designed to help get you get up and running with the most widely used Web Applications freely available for Windows Server. The new installer (which is beta currently) will install popular open source and .NET solutions. Included in the beta release will include DotNetNuke, Drupal, Gallery, Graffiti, osCommerce, PHPBB, and WordPress. My first thought was… “seriously?” IIS is an awesome platform, and it’s nice to see Microsoft embracing that it can serve up more than just Microsoft languages (yes in fact it could for a long time, but it wasn’t easy or direct to do so).

What will be interesting, in regards to WordPress, is how IIS will handle permalinks and having to use index.php in the url (sometimes, not always). Only time will tell, still exciting that Microsoft is moving in this direction.

Unstoppable Vista Hack Created

August 11, 2008 by Paul Spoerry Leave a Comment

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others. Essentially they’ve figured out a way to hack Vista using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

What they are indicating is that they have revealed a fatal flaw in Windows Vista which potentially blows the OS wide open and in such a way that it cannot be fixed. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista’s fundamental architecture and the ways in which Microsoft chose to protect it.

Many of the defenses that Microsoft added to Vista and Windows Server 2008 are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process’s stack, heap and libraries. That technique is useful against memory-corruption attacks, but Dai Zovi said that against Dowd’s and Sotirov’s methods, it would be of no use.

“This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista,” Dai Zovi said. “If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force.”

They go on to imply the approach can also potentially be applied to other operating systems such as Windows XP and Mac OSX (but not with this specific technique).

Read more at TechTarget or TrustedReviews

Gartner Says Vista Will Collapse, Microsoft must buy Yahoo

April 12, 2008 by Paul Spoerry Leave a Comment

Techcrunch posted an article stating “Gartner Says Vista Will Collapse. And Thatâ€™s Why The Yahoo Deal Must Happen”.The last paragraph sums up the Gartner view:

The real question isnâ€™t â€œWhat can Microsoft do to fix their Windows product?â€ but rather â€œEven If Windows and Office were perfect, would it be enough to keep Microsoft relevant in the medium term?â€ I think the answer to that latter question might be â€œnope.â€ And that, of course, is why they want Yahoo so badly. Online advertising revenue is their only real hope of long term survival.

This of course is a complete load of crap. Vista WAS handled poorly by Microsoft, but its not the collapse of Windows by any stretch of the imagination. The most laughable thing is that while so called “analysts” are predicting the demise of Windows,Vista alone (ie, not counting Windows server or XP) still has more market share than *nix and OS X COMBINED. The real reason Vista isn’t selling as well as MS hoped is because of Windows XP. XP has turned out to be a mature, stable, and secure OS. Vista has new plumbing and the kinks are still being worked out (to be expected). The underlying plumbing put into Vista however will position it for the long term, and XP will ultimately be phased out. Don’t count Vista, or Windows as a whole “out”.

The image below shows Windows market share versus the only other statistically relevant OS’s (ie, over 1% market share) as of March 2008.

It’s true that *nix based systems have made some inroads in business computing, however, Windows still controls 90% of the market. Linux doesn’t even show up on the list… it ranks atÂ 0.61% (though OS X REALLY is a flavor of unix so you could count that in the *nix category) Ask any non-geek what OS they run and you’ll get two answers, Windows or OS X, but mostly just windows. The people predicting these things needs to step out of the basement and away from their Tux stuff animals for a bit and look at the real world. Could the apple cart be upset, absolutely, but it won’t happen over night and Microsoft will have time to react.