Yawn
Again?
Antimalware provider Prevx has sounded the alarm about a serious vulnerability in fully patched versions of Microsoft Windows. It allows attackers to execute malware, even in versions designed to withstand such exploits. Technical details have already been published on a Chinese forum, leading to speculation that it won't be …
so, another critical major vulnerability that makes a system that has already been taken over insecure?
well at least by exploiting this bug they only need to trick a user into downloading and running something, reducing the number of security prompts they need to ignore by 1, saving the victim precious seconds of their time that would otherwise be wasted blindly clicking allow to that annoying UAC prompt that comes up every time they try to install another cursor toolbar emoticon set
For those who don't surf as admin, privilege escalation attacks are a little more serious than you make out. It's not just "saving a click". It makes possible something that is otherwise not possible.
That said, those of us who don't execute random attachments are still safe, so I'm not losing any sleep over it. At least, not yet. Combine it with some "autorun" vulnerability in IE or Outlook and put a rootkit on the back and *then* you'll have something to frighten the children with.
Yeah, but the only other graphical APIs are DirectX, GDI+, and some managed crud. The former has no text output, GDI+ is built on top of GDI and DirectX, and all managed code runs on top of native code.
Deprecate all you like, but until you provide an alternative no-one is going to stop using it.
Starting from NT4, Windows graphics drivers live in kernel space. Hence, calls to GDI functions end up being handled in the kernel with kernel level privileges.
Windows NT 3.5 was a solid kernel that had poor performance in graphic apps and games. NT4 moved the graphic card drivers in kernel space to provide decent performance.
This is a design trade-off. Other decisions made in the name of ease of use, for example having loads of useless services enabled by default in later Windows versions, have exposed other security holes.
It comes down to what security experts call "attack surface". The higher the number of things you expose, the higher the chance of someone discovering security holes in them.
Until Microsoft shifted its focus to security a few years ago, Windows design always leaned towards anything but security. And the backward compatibility ball chain means that some of those decisions are simply impossible to fix.
@AC @amehaye
Probably because the article says that the code in question seems to respond to user input and runs with KERNEL privileges. This is a bit like the first internet worm that was so bad because everyone ran the finger daemon with root privileges, so the worm automatically had root privilege.
To be slightly fair to the programmers, you lose a lot of processor cycles switching between different privilege modes, part of the reason that the graphics system also moved (unless Intel has changed that).
In a perfect world, the only thing that would run with kernel privileges is the code that needs them to look after everything else: task handling. Everything else should really just run with a lower priority so it cannot crap over everything.
Tux may be many things but it is not a microkernel and it has not made much effort to minimise the amount of code running with elevated privileges. Minix was different and Linus made a conscious decision in that regard, for performance reasons, so your Tux remark is about as wrong as it can be.
Same old digs from the penguins.
The answer is YOU need to persuade your company to switch its entire estate to something non-MS, and you need to persuade the staff to switch their home PCs also.
NOT GOING TO HAPPEN
(just before some smug BOFH replies, yes, I know a few of you have already achieved this. Well done, have a sweetie)
So move along and stop bitching just because you think you are safe. If Linux had >90% penetration on the desktop, we'd be seeing a lot more incidents related to it. Look at it from the criminal aspect - what's the point in spending £100,000 to break into a vault to steal £1,000?
For the record, I have no allegiance to any OS. I use and like MS and Linux. But I put my business hat on and I know which is cheapest to use in my business environment (TCO).
...is that you sacrifice performance, and the fault happens to reside in a GRAPHICAL routine. Guess what's one of the most demanding things a computer can do? Graphics (especially 3D graphics) is such a demanding job that programmers have a devil of a time finding the fine line between making it universal and taking it close to the metal for maximum performance.
"This is a stack overflow bug in NtGdiEnableEUDC // some kindov syscall...
Why do you suggest that this is a UI-in-kernel issue ?"
Well, it's right in the name of the system call: "GDI". That is Graphics Device Interface. I googled and EUDC involves adding user-defined characters to a (non-Unicode, since they mention code pages) font. You've got this whole state machine to handle lines, points, fills, paintbrushes, clipping, even bitmaps, metafiles, and fonts -- IN THE KERNEL. Sorry, but this way lies madness; it's no wonder there are so many exploits turning up.
Could happen to anybody. And what's the big-picture impact of a buffer overflow in user mode code ? And the big picture impact of a buffer overflow in kernel mode code? How much code should be running in kernel mode? How explicit should the kernel mode design/code guidelines be? How experienced should a kernel mode coder be? How closely should kernel mode code be reviewed?
Now, what was your point again?
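The questions above (what a bounds bug costs in user mode versus kernel mode, and how strict kernel-mode code guidelines should be) come down to one habit: never trust a length that arrives from user mode. The following is an added illustration, not code from the page, from Microsoft or from the NtGdiEnableEUDC routine the comments mention. It sketches a hypothetical kernel-style handler with a fixed-size stack buffer (the overflow target in this bug class) and shows the checks that keep a caller-controlled length from ever reaching the copy. The function and status names, the buffer size and the sample path are all constructed for the example.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed status codes for this example; they are not Windows NTSTATUS values. */
enum status {
    STATUS_OK = 0,
    STATUS_INVALID_PARAMETER = 1,
    STATUS_BUFFER_TOO_SMALL = 2
};

/* Constructed size of the fixed stack buffer a kernel-mode handler might use. */
#define EUDC_PATH_MAX 32

/*
 * Hypothetical kernel-mode entry point: a user-mode caller supplies a path and
 * its length. The length is attacker-controlled, so it is validated *before*
 * a single byte is copied onto the kernel stack. The name echoes the comment's
 * NtGdiEnableEUDC purely for illustration; this is not that routine.
 */
enum status handle_enable_eudc(const char *user_path, size_t user_len)
{
    char local_path[EUDC_PATH_MAX];   /* fixed stack buffer: what an unchecked copy would overrun */

    if (user_path == NULL)
        return STATUS_INVALID_PARAMETER;

    /* Keep one byte for the terminator; reject anything that would not fit. */
    if (user_len >= sizeof local_path)
        return STATUS_BUFFER_TOO_SMALL;

    /* Bounded copy: user_len has been checked, so this cannot run past local_path. */
    memcpy(local_path, user_path, user_len);
    local_path[user_len] = '\0';

    /* An embedded NUL means the caller misreported the string length; reject it. */
    if (strlen(local_path) != user_len)
        return STATUS_INVALID_PARAMETER;

    /* A real handler would act on local_path here (load the font, update state...). */
    return STATUS_OK;
}

/* Builds an input four times larger than the buffer and feeds it to the handler,
   so the oversized case can be exercised without any caller touching the buffer. */
enum status probe_oversized(void)
{
    static char big[EUDC_PATH_MAX * 4];      /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return handle_enable_eudc(big, strlen(big));
}

int main(void)
{
    const char *ok = "C:\\EUDC\\user.tte";   /* constructed sample path */

    printf("short path   -> %d\n", handle_enable_eudc(ok, strlen(ok)));
    printf("oversized    -> %d\n", probe_oversized());
    printf("null pointer -> %d\n", handle_enable_eudc(NULL, 0));
    printf("embedded NUL -> %d\n", handle_enable_eudc("ab\0cd", 5));
    return 0;
}
```

The point of the example is the ordering: the size check and the pointer check come before the `memcpy`, and the post-copy consistency check catches a caller who lies about the string length. In user mode a slip here crashes one process; in kernel mode the same slip is a system-wide privilege escalation, which is why the review bar for code like this has to be higher.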
C++ combines the worst of two other languages I'm reasonably familiar with. It has the complexity, obscureness, and massiveness of Ada with much of the unsafeness of K+R C. It should have been strangled at birth. But we are where we are; the world has moved on from K+R, and not necessarily in a good way.
Too much kernel mode code, inadequate management, and C++. A recipe for disaster.
There's a rumour that RR's Trent 900 engine control (as seen on TV) was programmed in C++ (most of RR's other modern stuff is Ada, which is in more general use in that sector of the industry). That's not just kernel mode, that's life threatening.
All of this arises because Billco and his friends in the meeja didn't understand (or care about) the difference between performance and productivity.
Back in the days when 16bit Windows was still around and NT3.x was newfangled, my self-supported NT3.x laptop enabled me to be more productive than my IT-supported Win3.x/Win9x colleagues with allegedly more powerful IT-provided desktops.
On any given performance benchmark, mine was usually slower by a little bit. But on a typical working day I got more done than they did, sometimes lots more, because theirs were constantly refusing to process something because they were out of memory, and I'd do it for them in a flash. Or maybe some app had hung and they'd lost their work. Stuff that NT largely made history.
Billco and his media friends meanwhile were reporting that NT was (say) 20% slower in some game-oriented benchmark, so Gates said to Cutler "never mind this partitioning for security, it's making us look stupid, why is it slower than 16bit Windows, 32 bit should be twice as fast. Get rid of that security stuff.", and the rest is history.