Programmer slip-up produces critical bug, Microsoft admits
Missed SMB 2 vulnerability in Vista, but found it in time to fix Windows 7
By Gregg Keizer
October 16, 2009 12:55 PM ET
Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
The flaw, one of 34 patched Tuesday in a massive security update, was in the code for SMB 2 (Server Message Block 2), a Microsoft-made network file- and print-sharing protocol that ships with Windows Vista, Windows 7 and Windows Server 2008.
"Look at the two array references to ValidateRoutines near the end," said Michael Howard, principal security program manager in Microsoft's security engineering and communications group, referring to a code snippet he showed in a post to the Security Development Lifecycle (SDL) blog. "The array index to both is the wrong variable: pHeader->Command should be pWI->Command."
Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the error was not only in new code, but a "bug of concern."
The incorrect variable -- "pHeader" instead of "pWI" -- produced a vulnerability that Microsoft rated critical, its highest threat ranking. "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," read the MS09-050 security bulletin released Tuesday. Attackers could trigger the bug by sending a rigged SMB packet to an unpatched PC.
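The class of mistake Howard describes, as an added C illustration that is not Microsoft's code and not part of the original article: a function-pointer table indexed by a raw packet field instead of a checked copy, next to a dispatch that uses the checked value and re-checks the bound. Only ValidateRoutines, pHeader->Command and pWI->Command come from the article; the struct layouts, command values, table contents and the assumption that pWI->Command is a range-checked copy are constructed.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model: everything except the names ValidateRoutines,
   pHeader, pWI and Command is hypothetical. */
enum { CMD_INVALID = 0, CMD_NEGOTIATE = 1, CMD_READ = 2, CMD_COUNT = 3 };

typedef int (*validate_fn)(size_t body_len);
static int reject(size_t n)          { (void)n; return 0; }
static int check_negotiate(size_t n) { return n >= 4; }  /* constructed minimum */
static int check_read(size_t n)      { return n >= 8; }  /* constructed minimum */

static const validate_fn ValidateRoutines[CMD_COUNT] =
    { reject, check_negotiate, check_read };

struct Header   { uint16_t Command; };  /* raw field, straight off the wire */
struct WorkItem { uint16_t Command; };  /* range-checked copy (assumption) */

/* Assumed sanitising step: out-of-range commands map to CMD_INVALID. */
void init_work_item(struct WorkItem *pWI, const struct Header *pHeader) {
    pWI->Command = (pHeader->Command < CMD_COUNT) ? pHeader->Command
                                                  : CMD_INVALID;
}

/* Index the slip-up would use: the unchecked header field. */
size_t index_wrong_variable(const struct Header *pHeader,
                            const struct WorkItem *pWI) {
    (void)pWI;
    return pHeader->Command;
}

/* Index the corrected code uses: the checked work-item field. */
size_t index_right_variable(const struct Header *pHeader,
                            const struct WorkItem *pWI) {
    (void)pHeader;
    return pWI->Command;
}

/* Hardened dispatch: right variable, plus a bound check at the use site
   so a later variable mix-up cannot index past the table. */
int validate_request(const struct Header *pHeader, size_t body_len) {
    struct WorkItem wi;
    init_work_item(&wi, pHeader);
    size_t i = index_right_variable(pHeader, &wi);
    if (i >= (size_t)CMD_COUNT) return 0;
    return ValidateRoutines[i](body_len);
}

int main(void) {
    struct Header h = { 0x7fff };  /* constructed out-of-range command */
    printf("accepted=%d\n", validate_request(&h, 100));
    return 0;
}
```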