Windows 7 Forums


Windows 7: Programmer slip-up produces critical bug, MS admits

17 Oct 2009   #1
Night Hawk

W7 Ultimate x64/W10 Pro x64 dual boot main build-remote pc W10 Pro x64 Insider Preview/W7 Pro x64
 
 
Programmer slip-up produces critical bug, MS admits

Quote:
Programmer slip-up produces critical bug, Microsoft admits

Missed SMB 2 vulnerability in Vista, but found it in time to fix Windows 7

By Gregg Keizer
October 16, 2009 12:55 PM ET

Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
The flaw, one of 34 patched Tuesday in a massive security update, was in the code for SMB 2 (Server Message Block 2), a Microsoft-made network file- and print-sharing protocol that ships with Windows Vista, Windows 7 and Windows Server 2008.

"Look at the two array references to ValidateRoutines[] near the end," said Michael Howard, principal security program manager in Microsoft's security engineering and communications group, referring to a code snippet he showed in a post to the Security Development Lifecycle (SDL) blog. "The array index to both is the wrong variable: pHeader->Command should be pWI->Command."

Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the error was not only in new code, but a "bug of concern."

The incorrect variable -- "pHeader" instead of "pWI" -- produced a vulnerability that Microsoft rated critical, its highest threat ranking. "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," read the MS09-050 security bulletin released Tuesday. Attackers could trigger the bug by sending a rigged SMB packet to an unpatched PC.
More at: Programmer slip-up produces critical bug, Microsoft admits


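Added example, not part of the thread and not Microsoft's code: a minimal C model of the bug class Howard describes in the quoted article, where a table of routines is indexed with one structure's `Command` field when another's was intended. Only `ValidateRoutines`, `pHeader`, `pWI` and `Command` come from the article; the struct layouts, table size, routine names, return codes and the assumption that the `pWI` copy is the range-checked one are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_COMMANDS 3u                           /* constructed table size */
typedef struct { uint16_t Command; } HEADER;      /* raw field from the packet */
typedef struct { uint16_t Command; } WORK_ITEM;   /* assumed: range-checked copy */
typedef int (*VALIDATE_FN)(const WORK_ITEM *);
enum { HANDLED, NO_ROUTINE, REJECTED, OUT_OF_BOUNDS };

static int validate_known(const WORK_ITEM *pWI) { return pWI->Command < NUM_COMMANDS; }

/* Hypothetical table: commands 0 and 2 have a validator, command 1 has none. */
static const VALIDATE_FN ValidateRoutines[NUM_COMMANDS] = {
    validate_known, NULL, validate_known
};

/* Stand-in for ValidateRoutines[index](pWI). It returns OUT_OF_BOUNDS where
   unguarded code would load a function pointer from past the table. */
static int lookup_and_call(size_t index, const WORK_ITEM *pWI) {
    if (index >= NUM_COMMANDS) return OUT_OF_BOUNDS;
    if (ValidateRoutines[index] == NULL) return NO_ROUTINE;
    return ValidateRoutines[index](pWI) ? HANDLED : REJECTED;
}

/* Pattern quoted in the article: the index comes from pHeader->Command. */
static int dispatch_wrong_index(const HEADER *pHeader, const WORK_ITEM *pWI) {
    return lookup_and_call(pHeader->Command, pWI);
}

/* Corrected pattern: the index comes from pWI->Command. */
static int dispatch_fixed(const HEADER *pHeader, const WORK_ITEM *pWI) {
    (void)pHeader;
    return lookup_and_call(pWI->Command, pWI);
}

int main(void) {
    /* Constructed inputs: the header and the work item disagree. */
    HEADER h = { 0xFFFF };
    WORK_ITEM wi = { 2 };
    printf("wrong index: %d, fixed: %d\n",
           dispatch_wrong_index(&h, &wi), dispatch_fixed(&h, &wi));
    return 0;
}
```

Even when the header value happens to fall inside the table, the wrong-variable form selects a routine for a different command than the one the work item carries, which is why a bounds check on one variable does not protect an index taken from another.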
17 Oct 2009   #2
thefabe

Windows 7 ultimate 64 bit / XP Home sp3
 
 

You seem to always post some of the most interesting articles. Nice find, nice read. Fabe
17 Oct 2009   #3
H2SO4

Win7x64
 
 

Quote:
Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
It was caused by a programmer?!? Will the wonders never cease!

17 Oct 2009   #4
Antman

 

Quote: Originally Posted by H2SO4
Quote:
Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
It was caused by a programmer?!? Will the wonders never cease!
Loosely translated - all bugs/security holes are created by programmers.
17 Oct 2009   #5
Night Hawk

W7 Ultimate x64/W10 Pro x64 dual boot main build-remote pc W10 Pro x64 Insider Preview/W7 Pro x64
 
 

Often once any software is out someone will realize a problem where a patch is later released to correct it. It's a typical problem seen not only with OSs but pc games, desktop apps, etc.
17 Oct 2009   #6
Antman

 

It's not wrong until it leaves your desk.
17 Oct 2009   #7
Night Hawk

W7 Ultimate x64/W10 Pro x64 dual boot main build-remote pc W10 Pro x64 Insider Preview/W7 Pro x64
 
 

The fact that this wasn't discovered until long after Vista's release is the more troublesome part. I think this is one reason why 7 was a bit more open to people for testing as well as for the RCs since MS could see more "Real World" data to discover where the bugs if any were then seen with Vista.
18 Oct 2009   #8
H2SO4

Win7x64
 
 

Quote: Originally Posted by Night Hawk
The fact that this wasn't discovered until long after Vista's release is the more troublesome part. I think this is one reason why 7 was a bit more open to people for testing as well as for the RCs since MS could see more "Real World" data to discover where the bugs if any were then seen with Vista.
That entire module didn't even exist before Vista, nor did SMB2 exist as a protocol.

Server Message Block (version 1) harks back to the mid 80s. Every version of Windows - and OS/2 - since then has supported that protocol and built on top of it. However, its inherent limitations made it necessary for MS to come out with SMB2 in the Vista timeframe.

It was inevitable that vulns would eventually be found. There will be others too, it's just that nobody knows where they are - yet. It's not a particularly big deal though. All code has bugs. The impact of this one was negligible and the fix was trivial.
18 Oct 2009   #9
Night Hawk

W7 Ultimate x64/W10 Pro x64 dual boot main build-remote pc W10 Pro x64 Insider Preview/W7 Pro x64
 
 

Most of these are generally small and go unnoticed for lengthy periods of time. The larger volume of feedback MS receives by opening each new version up to real world testing however should in theory shed some light on these as well as more notable ones.

Speaking about bugs, I had to add this one in here since it shows what I've been saying all along: that first Vista saw fewer bugs by a large degree than XP, and now 7 has cut that down even further, showing MS is actually making some progress along these lines!

Quote:
Microsoft issues first Windows 7 patches

New OS afflicted by half as many bugs this month as Vista, a third as many as XP

By Gregg Keizer
October 19, 2009 06:51 AM ET

Computerworld - Microsoft patched nine vulnerabilities in Windows 7 last week, five marked "critical," in a move that will require users upgrading to the new operating system to download a security update to keep their PCs secure.
The patches were the first for Windows 7's final build (dubbed RTM for "release to manufacturing"), which has been in some customers' hands -- primarily enterprises with volume licensing agreements -- since August.
Windows 7's patch count was significantly less than either Windows Vista's, its immediate predecessor, or that of Windows XP, the eight-year-old operating system installed on the majority of systems worldwide.
An analysis by Computerworld of the massive Oct. 13 security update -- the largest by Microsoft since it started patching on a regular monthly schedule six years ago -- showed Windows 7 was affected by nine of the 34 vulnerabilities, or 26% of the total. Its count of critical bugs -- the most serious as labeled by Microsoft -- was five out of a possible 21, or 24%.
Windows Vista, meanwhile, was impacted by 19 of the 34 vulnerabilities -- 56% of the total -- with 11 pegged as critical.
Windows XP was affected by the most vulnerabilities of all: 24 out of 34, or 71% of the total. Of the two-dozen bugs that needed patching in Windows XP, 18 -- or 86% of the total critical count -- were tagged as critical.
Read more at: Microsoft issues first Windows 7 patches

go MS go!