On Sun 16 Mar 2003 10:34, Andi Payn posted as excerpted below:
> > No. It's a risk to national security.
> >
> > http://www.eweek.com/article2/0,3959,5264,00.asp
> > From the article, Microsoft plans to withhold one protocol and a few APIs
> > because of security issues, and:
> > The protocol, which is part of Message Queuing, contains a coding mistake
> > that would threaten the security of enterprise systems using it if it
> > were disclosed, Allchin said.
>
> This was almost a year ago; more than enough time for some cracker to
> reverse engineer the protocol, discover the vulnerability, write an exploit
> kit, and distribute it to millions of codezkidz. So either the exploit
> wasn't easily usable, or, in this case, obscurity bought Microsoft just
> enough time to get a fix out before the vulnerability was found. Either
> way, they got away with it this time; I don't think this proves that using
> Windows is unpatriotic.
Actually, from the lists and newsgroups I'm on, that was referring to the Windows send-message API. It's broken because any app can send a message, including shutdown, system-shutdown, etc. (thus, similar to *ix signals, but there's far more of them, controlling everything from window sizing and repositioning, to text input events, to system shutdown notifications), and the target program can't tell whether it was the system that sent the message or an unauthorized program. This gets pretty hairy when it could be keyboard events coming in, and there's no way to tell whether they're simulated by some cracked program, or authentic. The target pretty much has to choose between ignoring everything, and obeying what may not be valid instructions, from any old unauthorized program.

In addition, there's a lot of flexibility in these messages, such that they hold the opportunity for unchecked buffers. The messaging subsystem itself is supposedly safe, but that doesn't mean all the programs that use it have been coded with proper buffer checking as well.

Furthermore, and this is the worst of it, I believe, from what I've read, the messaging system is user/privilege agnostic -- ANY OLD USER PROGRAM CAN SEND A MESSAGE TO ANY OTHER PROGRAM ON THE SYSTEM, THUS, THIS IS A SERIOUS PRIVILEGE ESCALATION VULNERABILITY!! The problem is that this is SO much part of the system, they can't fix the problem without breaking virtually EVERYTHING! Now, with a new release, it's possible they could do the old 16-bit compatibility trick, and run all legacy apps in a VM, but there's simply no way to fix this for existing deployed systems and apps. This is why they were talking about withholding this info. There's no way to patch it, without breaking everything currently deployed. However, as mentioned, someone took the hints that were there, and ran with them, figuring out what the problem was and publishing it far and wide.
Again, because this is such a basic part of the system, it needs no example exploit code. Any Visual C and many Visual Basic, even VBA scripting, programmers, know how to do this, and have been using it legitimately day in and day out, for years. It's just that it's so much a part of the system, nobody ever thought about using it in BAD ways, or at least didn't make those thoughts public, until the MS remarks that triggered a reexamination of that area with this sort of thing in mind. MS hasn't put out a patch, CAN'T put out a patch, because it'd break every app out there! THAT'S why they wanted to keep it under wraps!

--
Duncan

"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin
