06-01-24 05:43 PM
Acmlm's Board - I3 Archive - Hardware / Software - Windows Metafile Exploit
Metal Man88
Posts: 87/701
I read up on GRC again; turns out Windows 9X doesn't have it. Only Windows NT4 and above NT-based things. As per his site, it appears to have been just a tactic to scare users of Old Windows versions to upgrade. Patches have been made for all the systems which happen to be affected.

Metal Man out.
HyperHacker
Posts: 837/5072
Given how many times MS 'fixes' something only to have the patch open up another hole or only prevent one specific exploit method out of many, I wouldn't be surprised to learn that this was the case. However I would think they'd at least use some signing or similar to prevent anyone but themselves from being able to exploit it.

Interesting point, though... If someone were to reverse-engineer Windows and find a back door, what would happen? To do so would be illegal, but so would the back door itself. This is actually how the problem with Sony's XCP was found; they assumed they were protected, since to discover what it was doing (and that the EULA was void), someone would have to 'illegally' reverse-engineer it. However, the guy who did got off on a technicality - since it disguised itself, he had no way to know it was part of XCP without REing it anyway.
neotransotaku
Posts: 468/1860
A small bump but...

Found an article that talks about one person believing this exploit was not a vulnerability, but rather a "back door" to allow remote access to PCs...

A deliberate back door? I don't know what to think...
HyperHacker
Posts: 731/5072
Here's another patch a lot of you will probably want.
Chris
Posts: 327/577
Originally posted by DarkSlaya
Microsoft released their patch, just so you guys know.
Yeah, I got mine already. I feel really glad, too.
DarkSlaya
Posts: 355/936
Microsoft released their patch, just so you guys know.
Ailure
Posts: 379/2602
Originally posted by Metal Man88
Eh. Not 98 yet, but there's a patch for everything but 95, 98, ME, and NT at http://www.grc.com/sn/notes-020.htm
I suppose you mean Win NT 4.0 and older, as Win XP is technically Win NT 5.1

And Win 2000 is Win NT 5.0. Reason it doesn't say so on the box is... marketing, simple.
dcahrakos
Posts: 173/499
Yeah, but when hasn't Microsoft said not to use an unofficial patch... I installed it, and it works fine. I'll just uninstall the patch (comes with an easy uninstaller) when Microsoft releases theirs, and apparently Microsoft's patch was leaked as well.
Metal Man88
Posts: 68/701
Eh. Not 98 yet, but there's a patch for everything but 95, 98, ME, and NT at http://www.grc.com/sn/notes-020.htm. It basically disables the offending image previewer and the thing behind it, making it impossible for it to be abused. Will report back if I find anything for 98 and the like... after all, I use various old computers.

Luckily, I switched to Linux for my main computer, so they'll have to be more devious to get me alive!
HyperHacker
Posts: 605/5072
Someone asked just how this works in Programming, but the thread got closed, so I thought I'd explain here. (||bass gave a fairly good explanation, but I feel like doing so myself. )

Any time a program reads things from a file it has to put them in memory. This means it has to reserve some space in memory (what's called a buffer) for the data it reads. The problem is that the program doesn't check the size of the data. If the data is too big the program will blindly copy it into the buffer, and since the buffer isn't big enough the data also gets copied over whatever else is in memory nearby. (Unfortunately this is a common problem in Microsoft's programs.) If there's enough data it can overwrite program code or pointers in memory, so if the data writing over it is actually program code, it gets executed instead of the code that should be there. (Or in the case of overwriting a pointer, it changes it to point to some part of the data which contains code.)

Is there any patch out yet for Win98?
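The unchecked copy HyperHacker describes, shown as an added example that is not part of this thread or of Windows' own metafile code: a parser reads a length field from file data and copies that many bytes into a fixed 64-byte buffer. The record layout here (a 2-byte little-endian length followed by payload) is a hypothetical format constructed for the demonstration, not the WMF format. The hardened version rejects any declared length that exceeds the buffer or the bytes actually present; the buggy version the post describes is the same function with those two comparisons removed, so memcpy runs with whatever length the file says.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Hypothetical record layout (an assumption for this example, not WMF):
 * a 2-byte little-endian length field followed by that many payload bytes. */
typedef struct {
    uint8_t data[BUF_SIZE];
    size_t  len;
} record_t;

/* Parse one record from an in-memory file image into a fixed-size buffer.
 * Returns the payload length on success, or -1 if the declared length would
 * overrun out->data or exceeds the bytes actually present in the file.
 * Dropping the two range checks below gives exactly the bug the post
 * describes: memcpy would trust the file's length field and write past the
 * end of the buffer into whatever sits next to it in memory. */
int parse_record(const uint8_t *file, size_t file_len, record_t *out) {
    if (file_len < 2) return -1;                         /* no length field */
    size_t declared = (size_t)file[0] | ((size_t)file[1] << 8);
    if (declared > BUF_SIZE) return -1;                  /* would overflow the buffer */
    if (declared > file_len - 2) return -1;              /* file is truncated */
    memcpy(out->data, file + 2, declared);
    out->len = declared;
    return (int)declared;
}

/* Constructed sample inputs for the demonstration. */
static const uint8_t good_file[] = { 0x05, 0x00, 'h', 'e', 'l', 'l', 'o' };
/* Declares 0x1000 (4096) payload bytes: an unchecked memcpy would copy 4096
 * bytes into a 64-byte buffer, which is the overflow the post describes. */
static const uint8_t bad_file[] = { 0x00, 0x10, 'A', 'B', 'C' };
/* Declares 16 bytes but only carries 1: a read past the end of the input. */
static const uint8_t short_file[] = { 0x10, 0x00, 'a' };

int parse_good(void)      { record_t r; return parse_record(good_file,  sizeof good_file,  &r); }
int parse_bad(void)       { record_t r; return parse_record(bad_file,   sizeof bad_file,   &r); }
int parse_truncated(void) { record_t r; return parse_record(short_file, sizeof short_file, &r); }

int main(void) {
    printf("good: %d\nbad: %d\ntruncated: %d\n",
           parse_good(), parse_bad(), parse_truncated());
    return 0;
}
```

The point of the two checks is that every value read from the file is attacker-controlled until it has been compared against the sizes the program itself knows: the buffer it allocated and the number of bytes it actually read.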
Tarale
Posts: 274/2713
Incidentally, Microsoft are strongly recommending against the unofficial patch and advise that their patch will be released on the 10th.

Google News has been interesting to watch these past couple of days, with articles that tell you either to get the patch or not get the patch...
dcahrakos
Posts: 171/499
Here's an unofficial patch... worked for me.

http://castlecops.com/a6436-Newest_WMF_Exploit_Patch_Saves_the_Day.html
Ailure
Posts: 360/2602
And considering that they don't support some of their older OS's... that's a problem.

I really doubt they fix it for Win 95 and 98... an OS people still use to this day. I'm not sure if 2000 and ME are abandoned yet, but they will be soon enough anyway.
Tarale
Posts: 241/2713
Originally posted by Chris
Wow. This must be big. I was reading through -- at the same time, heard it on the news. I can't believe the exploit's been out since win95...


Yes, it's unusual that something like this hits mainstream media; but it's good that they're taking it seriously.

This has been all over the usual geek media for days -- Slashdot and Ars have both run stories, and it's all over Google News.

I'd consider telling my boss about it, but then she'll send out a warning to all users which will freak them out for no real good reason and they'll call us.

(Note: I consider unnecessarily panicking a bunch of computer illiterates for something they can't fix to be "no good reason")
Chris
Posts: 321/577
Wow. This must be big. I was reading through -- at the same time, heard it on the news. I can't believe the exploit's been out since win95...
Tarale
Posts: 240/2713
Funny, I've known about this for a while but keep missing the thread here.

Well, now they're actually recommending that people install the unofficial patch. I think it's been tested and the binary actually does what the source code says it does and such, so I dunno....

Microsoft still preparing their own patch but that won't be till next week....

meh.
MathOnNapkins
Posts: 125/1106
Originally posted by dormento
Blah Blah stuff I already know.


I didn't mean a filter for the file extension. As you have put it I meant reading from the internal header of the file.

I'm gonna go look around for patches in the meantime. They said it might be a week before Microsoft makes one.
FreeDOS +
Posts: 148/1312
That's awesome, especially since I'm not on Windows
dormento
Posts: 9/48
The problem is that Windows recognizes metafiles by their header. In that sense, you could pick a metafile, stuff your payload inside and rename it to jpg.
The poor victim gets the file, opens an explorer window with thumbnails on. Windows thinks "ohoho look this, it's an image file, let's see if I recognize the format. Wheee, it's a metafile!" File extension doesn't matter. For all I know, it checks this type of information for every file in the system. Have you ever tried to rename an .EXE to something else, only to try checking the properties dialog and seeing version information? I think the GUI (or CLSID or whatever) always takes priority over file extension.

And this exploit is there since at least Win95. That's scary.
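The header-based recognition dormento describes also gives a defender a check: compare what the leading bytes say a file is with what its extension claims. Below is an added example, not code from this thread or from Windows, written in C. The placeable-metafile key (0x9AC6CDD7, stored little-endian as the bytes D7 CD C6 9A) and the JPEG and PNG signatures are taken from my knowledge of those formats; the file names and byte samples are constructed for the demonstration, and extension matching is case-sensitive here for brevity.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const char    *name;
    const uint8_t *magic;
    size_t         len;
} sig_t;

/* Leading-byte signatures. The WMF one is the placeable-metafile key
 * 0x9AC6CDD7 as it appears on disk (little-endian); an assumption from
 * the format description, not something taken from the thread. */
static const uint8_t WMF_PLACEABLE[] = { 0xD7, 0xCD, 0xC6, 0x9A };
static const uint8_t JPEG_MAGIC[]    = { 0xFF, 0xD8, 0xFF };
static const uint8_t PNG_MAGIC[]     = { 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A };

static const sig_t SIGS[] = {
    { "wmf",  WMF_PLACEABLE, sizeof WMF_PLACEABLE },
    { "jpeg", JPEG_MAGIC,    sizeof JPEG_MAGIC },
    { "png",  PNG_MAGIC,     sizeof PNG_MAGIC },
};

/* Identify a file by its content alone, the way a thumbnailer that
 * ignores the extension would. */
const char *sniff_type(const uint8_t *buf, size_t n) {
    for (size_t i = 0; i < sizeof SIGS / sizeof SIGS[0]; i++)
        if (n >= SIGS[i].len && memcmp(buf, SIGS[i].magic, SIGS[i].len) == 0)
            return SIGS[i].name;
    return "unknown";
}

/* Map the file name's extension to the type it claims to be. */
const char *claimed_type(const char *name) {
    const char *dot = strrchr(name, '.');
    if (!dot) return "unknown";
    if (strcmp(dot, ".jpg") == 0 || strcmp(dot, ".jpeg") == 0) return "jpeg";
    if (strcmp(dot, ".png") == 0) return "png";
    if (strcmp(dot, ".wmf") == 0) return "wmf";
    return "unknown";
}

/* 1 if the bytes are a metafile but the name says otherwise, else 0.
 * This is the mismatch a mail gateway or file scanner would flag. */
int is_disguised_wmf(const char *name, const uint8_t *buf, size_t n) {
    return strcmp(sniff_type(buf, n), "wmf") == 0 &&
           strcmp(claimed_type(name), "wmf") != 0;
}

/* Constructed samples: a metafile header and a JPEG header. */
static const uint8_t sample_wmf[] = { 0xD7, 0xCD, 0xC6, 0x9A, 0x00, 0x00 };
static const uint8_t sample_jpg[] = { 0xFF, 0xD8, 0xFF, 0xE0 };

int check_renamed(void)  { return is_disguised_wmf("holiday.jpg", sample_wmf, sizeof sample_wmf); }
int check_honest(void)   { return is_disguised_wmf("holiday.jpg", sample_jpg, sizeof sample_jpg); }
int check_real_wmf(void) { return is_disguised_wmf("chart.wmf",   sample_wmf, sizeof sample_wmf); }

int main(void) {
    printf("renamed metafile flagged: %d\n", check_renamed());
    printf("honest jpeg flagged:      %d\n", check_honest());
    printf("named .wmf flagged:       %d\n", check_real_wmf());
    return 0;
}
```

This is why a filter on the .wmf extension alone, as suggested earlier in the thread, does not help: the renderer decides by content, so the check has to decide by content too.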
MathOnNapkins
Posts: 124/1106
So... uh... does Windows use WMF files as a middle man format for display? I don't see how this would be that dangerous b/c I haven't seen a file with a .wmf extension in ages. Wouldn't it be best to make patches that filter out .wmf files?
Acmlmboard 1.92.999, 9/17/2006
©2000-2006 Acmlm, Emuz, Blades, Xkeeper