Windows 7 Forums


Windows 7: Programmer slip-up produces critical bug, MS admits


17 Oct 2009   #1

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 
Programmer slip-up produces critical bug, MS admits

Quote:
Programmer slip-up produces critical bug, Microsoft admits

Missed SMB 2 vulnerability in Vista, but found it in time to fix Windows 7

By Gregg Keizer
October 16, 2009 12:55 PM ET

Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
The flaw, one of 34 patched Tuesday in a massive security update, was in the code for SMB 2 (Server Message Block 2), a Microsoft-made network file- and print-sharing protocol that ships with Windows Vista, Windows 7 and Windows Server 2008.

"Look at the two array references to ValidateRoutines[] near the end," said Michael Howard, principal security program manager in Microsoft's security engineering and communications group, referring to a code snippet he showed in a post to the Security Development Lifecycle (SDL) blog. "The array index to both is the wrong variable: pHeader->Command should be pWI->Command."

Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the error was not only in new code, but a "bug of concern."

The incorrect variable -- "pHeader" instead of "pWI" -- produced a vulnerability that Microsoft rated critical, its highest threat ranking. "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," read the MS09-050 security bulletin released Tuesday. Attackers could trigger the bug by sending a rigged SMB packet to an unpatched PC.
More at: Programmer slip-up produces critical bug, Microsoft admits


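The slip Howard describes in the quoted article, modelled as an added example (not Microsoft's code and not taken from the SDL blog post). Only `ValidateRoutines`, `pHeader->Command` and `pWI->Command` come from the article; the struct layouts, status codes, validator functions, and the assumption that the work item holds the range-checked command are constructed for illustration. The guard in `call_validator` stands in for the unchecked table read, so the program reports the bad index instead of performing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CMD_COUNT = 3 };
enum { ST_OK = 0, ST_BAD_BODY = -1, ST_BAD_COMMAND = -2, ST_OOB_INDEX = -3 };

typedef int (*validate_fn)(size_t body_len);
/* Constructed per-command minimum body sizes, not real SMB 2 values. */
static int v_cmd0(size_t n) { return n >= 36 ? ST_OK : ST_BAD_BODY; }
static int v_cmd1(size_t n) { return n >= 24 ? ST_OK : ST_BAD_BODY; }
static int v_cmd2(size_t n) { return n >= 4  ? ST_OK : ST_BAD_BODY; }
static const validate_fn ValidateRoutines[CMD_COUNT] = { v_cmd0, v_cmd1, v_cmd2 };

struct header    { uint16_t Command; };  /* raw field, chosen by the sender */
struct work_item { uint16_t Command; };  /* server-side value (assumed range-checked) */

/* Only place the table is indexed: the index is checked where it is used. */
static int call_validator(uint16_t index, size_t body_len)
{
    if (index >= CMD_COUNT)
        return ST_OOB_INDEX;  /* unguarded, this would read past the table */
    return ValidateRoutines[index](body_len);
}

/* The slip: pWI->Command is range-checked, but pHeader->Command is the index. */
int validate_buggy(const struct work_item *pWI, const struct header *pHeader, size_t body_len)
{
    if (pWI->Command >= CMD_COUNT)
        return ST_BAD_COMMAND;
    return call_validator(pHeader->Command, body_len);
}

/* Corrected: the variable that was checked is the variable that indexes. */
int validate_fixed(const struct work_item *pWI, const struct header *pHeader, size_t body_len)
{
    (void)pHeader;  /* the wire value is never used as an index */
    if (pWI->Command >= CMD_COUNT)
        return ST_BAD_COMMAND;
    return call_validator(pWI->Command, body_len);
}

int main(void)
{
    struct work_item wi = { 1 };     /* constructed: server-side command 1 */
    struct header hdr = { 0x4000 };  /* constructed: out-of-range wire value */
    printf("buggy=%d fixed=%d\n", validate_buggy(&wi, &hdr, 24), validate_fixed(&wi, &hdr, 24));
    return 0;
}
```

Even when the header value happens to be in range, the buggy variant can select a different command's validator than the one the work item names, so the mismatch is a logic error as well as a bounds problem.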

17 Oct 2009   #2

Windows 7 ultimate 64 bit / XP Home sp3
 
 

You seem to always post some of the most interesting articles. Nice find, nice read. Fabe
17 Oct 2009   #3

Win7x64
 
 

Quote:
Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
It was caused by a programmer?!? Will the wonders never cease!


17 Oct 2009   #4

 

Quote: Originally Posted by H2SO4
Quote:
Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
It was caused by a programmer?!? Will the wonders never cease!
Loosely translated - all bugs/security holes are created by programmers.
17 Oct 2009   #5

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

Often once any software is out someone will realize a problem where a patch is later released to correct it. It's a typical problem seen not only with OSs but PC games, desktop apps, etc.
17 Oct 2009   #6

 

It's not wrong until it leaves your desk.
17 Oct 2009   #7

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

The fact that this wasn't discovered until long after Vista's release is the more troublesome part. I think this is one reason why 7 was a bit more open to people for testing as well as for the RCs since MS could see more "Real World" data to discover where the bugs if any were then seen with Vista.
18 Oct 2009   #8

Win7x64
 
 

Quote: Originally Posted by Night Hawk
The fact that this wasn't discovered until long after Vista's release is the more troublesome part. I think this is one reason why 7 was a bit more open to people for testing as well as for the RCs since MS could see more "Real World" data to discover where the bugs if any were then seen with Vista.
That entire module didn't even exist before Vista, nor did SMB2 exist as a protocol.

Server Message Block (version 1) harks back to the mid 80s. Every version of Windows - and OS/2 - since then has supported that protocol and built on top of it. However, its inherent limitations made it necessary for MS to come out with SMB2 in the Vista timeframe.

It was inevitable that vulns would eventually be found. There will be others too, it's just that nobody knows where they are - yet. It's not a particularly big deal though. All code has bugs. The impact of this one was negligible and the fix was trivial.
18 Oct 2009   #9

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

Most of these are generally small and go unnoticed for lengthy periods of time. The larger volume of feedback MS receives by opening each new version up to real world testing, however, should in theory shed some light on these as well as more notable ones.

Speaking about bugs I had to add this one in here since it shows what I've been saying all along that first Vista saw less bugs by a large degree over XP and now 7 has cut that down even further showing MS is actually making some progress along these lines!

Quote:
Microsoft issues first Windows 7 patches

New OS afflicted by half as many bugs this month as Vista, a third as many as XP

By Gregg Keizer
October 19, 2009 06:51 AM ET

Computerworld - Microsoft patched nine vulnerabilities in Windows 7 last week, five marked "critical," in a move that will require users upgrading to the new operating system to download a security update to keep their PCs secure.
The patches were the first for Windows 7's final build (dubbed RTM for "release to manufacturing"), which has been in some customers' hands -- primarily enterprises with volume licensing agreements -- since August.
Windows 7's patch count was significantly less than either Windows Vista's, its immediate predecessor, or that of Windows XP, the eight-year-old operating system installed on the majority of systems worldwide.
An analysis by Computerworld of the massive Oct. 13 security update -- the largest by Microsoft since it started patching on a regular monthly schedule six years ago -- showed Windows 7 was affected by nine of the 34 vulnerabilities, or 26% of the total. Its count of critical bugs -- the most serious as labeled by Microsoft -- was five out of a possible 21, or 24%.
Windows Vista, meanwhile, was impacted by 19 of the 34 vulnerabilities -- 56% of the total -- with 11 pegged as critical.
Windows XP was affected by the most vulnerabilities of all: 24 out of 34, or 71% of the total. Of the two-dozen bugs that needed patching in Windows XP, 18 -- or 86% of the total critical count -- were tagged as critical.
Read more at: Microsoft issues first Windows 7 patches

go MS go!