Programmer slip-up produces critical bug, MS admits

Night Hawk

Programmer slip-up produces critical bug, Microsoft admits

Missed SMB 2 vulnerability in Vista, but found it in time to fix Windows 7

By Gregg Keizer
October 16, 2009 12:55 PM ET

Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.
The flaw, one of 34 patched Tuesday in a massive security update, was in the code for SMB 2 (Server Message Block 2), a Microsoft-made network file- and print-sharing protocol that ships with Windows Vista, Windows 7 and Windows Server 2008.

"Look at the two array references to ValidateRoutines[] near the end," said Michael Howard, principal security program manager in Microsoft's security engineering and communications group, referring to a code snippet he showed in a post to the Security Development Lifecycle (SDL) blog. "The array index to both is the wrong variable: pHeader->Command should be pWI->Command."

Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the error was not only in new code, but a "bug of concern."

The incorrect variable -- "pHeader" instead of "pWI" -- produced a vulnerability that Microsoft rated critical, its highest threat ranking. "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," read the MS09-050 security bulletin released Tuesday. Attackers could trigger the bug by sending a rigged SMB packet to an unpatched PC.

More at: Programmer slip-up produces critical bug, Microsoft admits
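
The class of bug Howard describes, as an added illustration that is not part of the original post and is not Microsoft's code: a value is range-checked through one variable while the table is indexed through another. Only `ValidateRoutines`, `pHeader`, `pWI` and `Command` are names from the article; the structs, table size, validators and the assumption that the range check was made on the work item are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sketch: only ValidateRoutines, pHeader, pWI and Command
   are names from the article; everything else is hypothetical. */
#define CMD_COUNT 3

typedef int (*validate_fn)(size_t body_len);

static int validate_negotiate(size_t n) { return n >= 36; }
static int validate_session(size_t n)   { return n >= 24; }
static int validate_logoff(size_t n)    { return n == 4; }

static const validate_fn ValidateRoutines[CMD_COUNT] = {
    validate_negotiate, validate_session, validate_logoff
};

struct header    { uint16_t Command; };  /* raw field, set by the sender */
struct work_item { uint16_t Command; size_t body_len; };  /* server copy */

/* Assumption: the range check is applied to the work item's copy. */
static int in_range(uint16_t cmd) { return cmd < CMD_COUNT; }

/* Flawed: checks pWI->Command, then indexes with pHeader->Command.
   Returns the index that would be used, or -1 if rejected. */
static long pick_index_flawed(const struct work_item *pWI,
                              const struct header *pHeader)
{
    if (!in_range(pWI->Command)) return -1;
    return pHeader->Command;  /* not the value that was checked */
}

/* Corrected: the checked variable is also the index. */
static long pick_index_fixed(const struct work_item *pWI,
                             const struct header *pHeader)
{
    (void)pHeader;
    if (!in_range(pWI->Command)) return -1;
    return pWI->Command;
}

/* Re-checks at the point of use so this demo never reads past the table.
   Returns the validator result, -1 (rejected) or -2 (index outside table). */
static int dispatch(long idx, size_t body_len)
{
    if (idx < 0) return -1;
    if ((size_t)idx >= CMD_COUNT) return -2;
    return ValidateRoutines[idx](body_len);
}

int main(void)
{
    struct work_item wi = { 1, 24 };  /* constructed request */
    struct header hdr = { 0x4141 };   /* constructed mismatching field */
    long bad = pick_index_flawed(&wi, &hdr), good = pick_index_fixed(&wi, &hdr);
    printf("flawed: index %ld -> %d\n", bad, dispatch(bad, wi.body_len));
    printf("fixed:  index %ld -> %d\n", good, dispatch(good, wi.body_len));
    return 0;
}
```

The check at the point of use in `dispatch` is what turns the mismatch into a clean rejection here; without it, the flawed lookup would fetch a function pointer from outside the table.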
 

You seem to always post some of the most interesting articles. Nice find, nice read. Fabe
 

Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.

It was caused by a programmer?!? Will the wonders never cease! :)
 

Computerworld - Microsoft acknowledged Thursday that one of the critical network vulnerabilities it patched earlier in the week was due to a programming error on its part.

It was caused by a programmer?!? Will the wonders never cease! :)
Loosely translated - all bugs/security holes are created by programmers.
 
Often once any software is out someone will realize a problem where a patch is later released to correct it. It's a typical problem seen not only with OSs but PC games, desktop apps, etc.
 

The fact that this wasn't discovered until long after Vista's release is the more troublesome part. I think this is one reason why 7 was a bit more open to people for testing as well as for the RCs since MS could see more "Real World" data to discover where the bugs if any were then seen with Vista.
 

The fact that this wasn't discovered until long after Vista's release is the more troublesome part. I think this is one reason why 7 was a bit more open to people for testing as well as for the RCs since MS could see more "Real World" data to discover where the bugs if any were then seen with Vista.

That entire module didn't even exist before Vista, nor did SMB2 exist as a protocol.

Server Message Block (version 1) harks back to the mid 80s. Every version of Windows - and OS/2 - since then has supported that protocol and built on top of it. However, its inherent limitations made it necessary for MS to come out with SMB2 in the Vista timeframe.

It was inevitable that vulns would eventually be found. There will be others too, it's just that nobody knows where they are - yet. It's not a particularly big deal though. All code has bugs. The impact of this one was negligible and the fix was trivial.
 

Most of these are generally small and go unnoticed for lengthy periods of time. The larger volume of feedback MS receives by opening each new version up to real world testing however should in theory shed some light on these as well as more notable ones.

Speaking about bugs I had to add this one in here since it shows what I've been saying all along that first Vista saw less bugs by a large degree over XP and now 7 has cut that down even further showing MS is actually making some progress along these lines! :D

Microsoft issues first Windows 7 patches

New OS afflicted by half as many bugs this month as Vista, a third as many as XP

By Gregg Keizer
October 19, 2009 06:51 AM ET

Computerworld - Microsoft patched nine vulnerabilities in Windows 7 last week, five marked "critical," in a move that will require users upgrading to the new operating system to download a security update to keep their PCs secure.
The patches were the first for Windows 7's final build (dubbed RTM for "release to manufacturing"), which has been in some customers' hands -- primarily enterprises with volume licensing agreements -- since August.
Windows 7's patch count was significantly less than either Windows Vista's, its immediate predecessor, or that of Windows XP, the eight-year-old operating system installed on the majority of systems worldwide.
An analysis by Computerworld of the massive Oct. 13 security update -- the largest by Microsoft since it started patching on a regular monthly schedule six years ago -- showed Windows 7 was affected by nine of the 34 vulnerabilities, or 26% of the total. Its count of critical bugs -- the most serious as labeled by Microsoft -- was five out of a possible 21, or 24%.
Windows Vista, meanwhile, was impacted by 19 of the 34 vulnerabilities -- 56% of the total -- with 11 pegged as critical.
Windows XP was affected by the most vulnerabilities of all: 24 out of 34, or 71% of the total. Of the two-dozen bugs that needed patching in Windows XP, 18 -- or 86% of the total critical count -- were tagged as critical.

Read more at: Microsoft issues first Windows 7 patches

go MS go! :D
 