Programmer slip-up produces critical bug, MS admits
More at: Programmer slip-up produces critical bug, Microsoft admits
Missed SMB 2 vulnerability in Vista, but found it in time to fix Windows 7
By Gregg Keizer
October 16, 2009 12:55 PM ET
Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
The flaw, one of 34 patched Tuesday in a massive security update, was in the code for SMB 2 (Server Message Block 2), a Microsoft-made network file- and print-sharing protocol that ships with Windows Vista, Windows 7 and Windows Server 2008.
"Look at the two array references to ValidateRoutines[] near the end," said Michael Howard, principal security program manager in Microsoft's security engineering and communications group, referring to a code snippet he showed in a post to the Security Development Lifecycle (SDL) blog. "The array index to both is the wrong variable: pHeader->Command should be pWI->Command."
Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the error was not only in new code, but a "bug of concern."
The incorrect variable -- "pHeader" instead of "pWI" -- produced a vulnerability that Microsoft rated critical, its highest threat ranking. "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," read the MS09-050 security bulletin released Tuesday. Attackers could trigger the bug by sending a rigged SMB packet to an unpatched PC.
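The bug class Howard describes, a range check and an array reference that read different variables, shown next to a corrected form. This is an added C example, not Microsoft's code and not the snippet from the SDL blog. Only the names pHeader, pWI, Command and ValidateRoutines come from the article; the struct layouts, table size, handler and the assumption that the range check was applied to pWI->Command are illustrative, and because the article does not say how the two fields could differ, the sample input simply constructs a mismatch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration, not Microsoft's code. Only the names pHeader, pWI,
 * Command and ValidateRoutines come from the article; the struct layouts,
 * table size and handler are assumptions. */
#define CMD_COUNT 4
#define REJECTED  (-1)

typedef struct { uint16_t Command; } HEADER;     /* bytes as received from the network */
typedef struct { uint16_t Command; } WORK_ITEM;  /* assumed: the value the code meant to use */
typedef int (*VALIDATE_FN)(const HEADER *);

static int ValidateAny(const HEADER *h) { (void)h; return 0; }

static const VALIDATE_FN ValidateRoutines[CMD_COUNT] = {
    ValidateAny, ValidateAny, NULL, ValidateAny   /* NULL: no validator for command 2 */
};

/* Buggy shape: the range check reads one variable, the array reference would
 * read another. Returns the index that WOULD be used, without touching the
 * table, so the mismatch can be observed safely. */
long BuggyIndex(const HEADER *pHeader, const WORK_ITEM *pWI)
{
    if (pWI->Command >= CMD_COUNT)
        return REJECTED;
    return pHeader->Command;          /* wrong variable: never range-checked */
}

/* Corrected shape: read the index once, check it, and use that same local for
 * both array references (here: the NULL test and the call). */
int ValidateFixed(const HEADER *pHeader, const WORK_ITEM *pWI)
{
    size_t idx = pWI->Command;
    if (idx >= CMD_COUNT)
        return REJECTED;
    if (ValidateRoutines[idx] == NULL)
        return 0;                     /* nothing to validate for this command */
    return ValidateRoutines[idx](pHeader);
}

int main(void)
{
    HEADER h = { 0xFFFF };            /* constructed: out-of-range value in the raw header */
    WORK_ITEM wi = { 1 };             /* constructed: in-range value in the work item */
    printf("buggy index %ld, fixed result %d\n", BuggyIndex(&h, &wi), ValidateFixed(&h, &wi));
    return 0;
}
```

Reading the index into one local and using only that local for the check and every array reference removes the opportunity for this kind of slip.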