back to article It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether. Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to …

Page:

  1. Roger Ramjet

    By the time I read this, it was waiting to be installed.

    1. Anonymous Coward
      Anonymous Coward

      And that's the last we'll see of you for a few hours.

    2. elDog Silver badge

      And there'll be a bunch of new zero-days to deal with

      Just applying patches seems to trigger the vultures to unleash their latest.

      Who's really driving this train? It doesn't seem to be the engine or pilot - it seems to be some of the secret passengers who are hoping for a crash.

    3. Anonymous Coward
      Anonymous Coward

      Crap by (lack of) design.

      1. oiseau Silver badge
        Facepalm

        Future headlines

        You don't have to be a future telling savant to know that one of the prominent Microsoft related headlines appearing in The Register in the next few years will continue to be:

        "It's 20XX... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too"

        It *will* save a lot of work for the editor, mind you.

        Just has to copy/paste and then replace XX with the proper number.

        In any case, just like with this one headline, absolutely no one will be surprised and (uncanny beyond beief) quite a few members of the ElReg readership will be wondering why it takes so long to patch their (still) vulnerable MS install.

        Cheers.

        1. Scott 53

          Re: Future headlines

          2XXX

          FTFY

          1. Ken Hagan Gold badge

            Re: 2XXX

            No way will we need that third X. Microsoft have no new products that look capable of sustaining their historic position within the industry. They've given up on "devices" and they've largely lost on servers. They survive on desktops on the strength of their ability to run programs from a decade or so ago, but the result of *that* is that the current version of Windows is almost crushed under its own weight of back-compat crap.

            They aren't dead yet, but in 2025 we may look back at 2017 and say "Yeah, the signs were already there.".

            And to the naysayers who point to the cash pile I say just that it is all virtual money and another company (probably not Apple, Google or Amazon, although they are probably big enough) will eventually have a big enough pile of its own to *buy* Microsoft for its IP and promptly shut down the day-to-day operation as an act of mercy.

            1. bombastic bob Silver badge
              Unhappy

              Re: 2XXX

              "They survive on desktops on the strength of their ability to run programs from a decade or so ago"

              for now. Until they decide to abandon Win32 support and go "UWP only".

              just wait. they'll do it. they've got their foot targeted, and are ready to pull the trigger...

    4. Anonymous Coward
      Anonymous Coward

      By the time I read this, it was waiting to be installed.

      Yeah, it's always nice when I can start the day with doing paperwork because my work system is wasting power and bandwidth performing yet-another-f*cking-update. Thank God we haven't managed the paperless office yet or I'd be sitting there for a couple of hours.

      I can recall the days when someone was selling us a Windows update with the statement that it would increase our productivity. I note with interest that they're very careful to avoid that argument now.

      1. Roland6 Silver badge

        >Windows update ... increase our productivity.

        Perhaps MS have quietly gone into reverse, with all the claims that people are spending too much glued to their computers, MS, through the Windows Update service, are providing opportunities for people to take breaks and do other stuff...

    5. Anonymous Coward
      Anonymous Coward

      My IT department will roll this out in the next 3 months or so, totally oblivious that windows security is total dogshite, actually believing there is some security benefit rushing into a windows 10 rollout that end users hate.

  2. Anonymous Coward
    Anonymous Coward

    Disgorge

    Microsoft spew again in to the bucket that is Windows. No wonder it smells, 30 ( THIRTY ) years of vomit needs one big malodorous bucket.

    Running Windows is negligent, maybe the next big hack "victim" will sue MS as their crap no doubt will feature prominently in the corporate rampage.

    Feel free to down vote lemmings, but be sure to open your eyes less you press the up vote icon.

    1. wallaby

      Re: Disgorge

      "Microsoft spew again in to the bucket that is Windows. No wonder it smells..................................... etc. etc. etc.etc.etc."

      Soooooooooooooooooooooooooo Tedious

      you need to up the dosage mate

      1. Kiwi Silver badge
        Linux

        Re: Disgorge

        Soooooooooooooooooooooooooo Tedious

        Not as tedious as the MS fanbois etc defending something that should be indefensible.

        In 1995, when the net was just starting to come to life, this stuff might have been forgiveable. But by now any decent SW company knows not to write code that allows the opening of a document to take control of a computer.

        you need to up the dosage mate

        Would love to know what you're taking that lets you sleep at night while you're defending this garbage.

        (Oh, seems to set you off so : mickey$oth, windoze, losedoze, microsucks, M$ etc etc etc... Hope you have a padded cell nearby...)

  3. Sorry that handle is already taken. Silver badge
    Devil

    Exploitable flaws in TPM

    Delicious

    1. LDS Silver badge

      Re: Exploitable flaws in TPM

      Just look at all the bugs and design flaws in SSL...

      1. oldcoder

        Re: Exploitable flaws in TPM

        Over the years... the average is 0.something per year.

  4. TReko
    Flame

    Old vs New Bugs

    Every new patch from MS recently seems to break something else.

    We spend the days after patching fixing or reverting machines.

    I get the feeling that they do not test as thoroughly as they used to.

    1. Anonymous Coward
      Thumb Down

      Re: Old vs New Bugs

      I get the feeling that they do not test as thoroughly as they used to…

      That’s your job now, as a customer. Welcome to Agile.

    2. Anonymous Coward
      Anonymous Coward

      Re: Old vs New Bugs

      I get the feeling that they do not test as thoroughly as they used to.

      FIFY :)

    3. Michael Habel Silver badge

      Re: Old vs New Bugs

      Blame the lack of interest in Windows X for that... After all that's where most of the Alpha / ßeta team now sit. Saving M$ undoubtedly countless ¥€$ on internally testing their Software.

    4. oldcoder

      Re: Old vs New Bugs

      Testing?

      Microsoft laid off the quality control section about 3 years ago.

      Not that there was all that much quality to start with.

    5. bombastic bob Silver badge
      Unhappy

      Re: Old vs New Bugs

      "I get the feeling that they do not test as thoroughly as they used to."

      they don't test at all. they fired their testing staff 2 years ago, during the insider program for Win-10-nic. They're entirely relying on 'insiders' and people who get the first run of patches. that's why there are forced updates, to make SURE they get their patches tested by the unfortunate saps who risk bricking their new, shiny machines that came with Win-10-nic.

  5. Anonymous Coward
    Anonymous Coward

    "scripting engine in Internet Explorer and Edge"

    Same shitty browser, different icon.

  6. Anonymous Bullard

    It's 2017....

    And this is still news.

  7. Captain DaFt

    Nice sub-title

    -But at least there's no Flash update (not this week, anyway)-

    But a bit optimistic. It's only the middle of the week! ☺

  8. FozzyBear Silver badge
    Stop

    Another week and get to go through the same ol' dance steps. Test, install, fix again, then it's the start of a new week.

    Oh look, a new set of critical patches for Windows.

    <Sigh>

  9. Carl D

    The NeverEnding Story Continues...

    I was watching George Pal’s 1960 movie of H.G. Wells’ The Time Machine the other day and I couldn’t help but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D.?

    Not as far fetched as it may seem, in my opinion.

    1. MacroRodent Silver badge

      Re: The NeverEnding Story Continues...

      but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D.?

      That is one job the morlocks do. But you know the price...

      1. Brian Miller
        Linux

        Re: The NeverEnding Story Continues...

        Yeah, but they're eating Windows users.

      2. Teiwaz Silver badge

        Re: The NeverEnding Story Continues...

        That is one job the morlocks do. But you know the price...

        Windows 'ate' finally popular.

    2. tempemeaty

      Re: The NeverEnding Story Continues...

      And it will still be the same Windows from today with continued updates. Microsoft isn't ever going to write a completely new OS. LOL.

      1. Kiwi Silver badge
        Coat

        Re: The NeverEnding Story Continues...

        And it will still be the same Windows from today with continued updates. Microsoft isn't ever going to write a completely new OS. LOL.

        At least they're consistent.

    3. Michael Habel Silver badge

      Re: The NeverEnding Story Continues...

      Hopefully MicroSoft would have rolled over by then.

    4. John 110
      Facepalm

      Re: The NeverEnding Story Continues...

      "I couldn’t help but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D."

      Of course we will, it might not be Windows, but every operating system needs patched and will do into infinity (and beyond)

    5. bombastic bob Silver badge
      Trollface

      Re: The NeverEnding Story Continues...

      "wonder if we’ll still be patching Windows security issues in the year 802,701 A.D."

      WIn-10-nic, the Morlock version

      1. Kiwi Silver badge
        Coat

        Re: The NeverEnding Story Continues...

        "wonder if we’ll still be patching Windows security issues in the year 802,701 A.D."

        WIn-10-nic, the Morlock version

        Is that a contraction of "More Lock" as in "even more M$ lock-in"?

  10. Joe Werner

    Fonts and Windows..

    I had the error message "a TrueType font caused a general protection fault in the module setup.exe" when installing Windows once. Must have been Win98 (SE?).

    1. wallaby

      Re: Fonts and Windows..

      "I had the error message "a TrueType font caused a general protection fault in the module setup.exe" when installing Windows once. Must have been Win98 (SE?)."

      I had similar to that that installing Win 98 last year ..... after a failed hard drive trashed the disk and the backup of it had been lost under a deluge of sea water 2 years previously..... it was the fish in the open backup safe that did it.

  11. Ken Moorhouse Silver badge

    force regeneration of previously created weak TPM keys

    So these updates come with some extra homework.

    1. Wensleydale Cheese Silver badge
      Joke

      Re: force regeneration of previously created weak TPM keys

      "So these updates come with some extra homework."

      Please, Miss, Windows ate my homework.

  12. SVV Silver badge

    Who designed this then?

    "visiting a website or opening a file with a specially crafted embedded font can cause malware within the font data to run and hijack the PC."

    How the hell did you design an OS that lets programmers embed code in a FONT?

    1. Teiwaz Silver badge

      Re: Who designed this then?

      How the hell did They design an OS that lets programmers embed code in a FONT?

      also

      Why the hell did They design an OS that lets programmers embed code in a FONT?

      1. Anonymous Coward
        Anonymous Coward

        Re: Who designed this then?

        Why the hell did They design an OS that lets programmers embed code in a FONT?

        The TrueType engine contains an interpreter that executes its own instruction set to adjust how fonts are rendered at different sizes on different resolutions. It's a complex process. The 8 x 8 grid of bits is long gone!

        https://www.microsoft.com/en-us/Typography/SpecificationsOverview.aspx

        ☐☐☐☐☐☐☐☐

        ☐☐◼︎◼︎◼︎◼︎☐☐

        ☐◼︎◼︎☐☐◼︎◼︎☐

        ☐☐☐☐◼︎◼︎☐☐

        ☐☐☐◼︎◼︎☐☐☐

        ☐☐☐☐☐☐☐☐

        ☐☐☐◼︎◼︎☐☐☐

        ☐☐☐☐☐☐☐☐

    2. LDS Silver badge

      Re: Who designed this then?

      That's what needed to have nice looking fonts able to scale on any output device, unluckily. People would complain about bitmap fonts enlarged for their 4K display, I'm afraid.

      Anyway, in fonts like TrueType the culprits are both Apple and Microsoft - actually the hinting engine was an Apple patent. But other font rendering engines are not that different.

      The real issue is not that font have code inside - it's how safe the rendering engine processing that code is. And still, the rendering pipeline must be very fast, or people will complaining if font rendering is slow.

    3. oldcoder

      Re: Who designed this then?

      Not just a font.. but the processing of that font was a kernel function.

      Microsoft IS supposed to have moved it out of the kernel... finally, but it may still have privileges...

    4. Jonathan 27 Bronze badge

      Re: Who designed this then?

      Blame Von Neumann's stored program concept, if computers had totally separate data and executable storage this wouldn't be a problem. But as such, all the data on you computer MIGHT be a program.

      1. Anonymous Coward
        Anonymous Coward

        "if computers had totally separate data and executable storage"

        Actually, x86 protected mode can define what memory segments are for (executable, readable, writable....) - just no mainstream OS ever used them because of the complexity. AMD even removed the feature in x64. Just, it was what it is needed now to write secure systems.

        Anyway, fonts today are a sort of program - its execution should be strictly controlled, though. Again, the Intel four ring model would allow for better separation of privileges, but again nobody used it, because most CPUs had only two rings (and anyway, ring transitions are costly).

        In a four ring model you could have the true kernel running at ring 0, for example, while I/O could work at ring 1. It could still directly access the hardware (with a proper IOPL setting), but would not be able to access and modify ring 0 data.

        One day those features will be sold as a new, great breakthrough in computer security.... just like the cloud mainframe model looks so "disruptive"...

        1. Anonymous Coward
          Anonymous Coward

          Re: "if computers had totally separate data and executable storage"

          The most complex problem the next generation of developers can get their heads around is what sort of beard oil to apply. They're screwed. We're screwed.

        2. bombastic bob Silver badge
          Happy

          Re: "if computers had totally separate data and executable storage"

          "AMD even removed the feature in x64"

          you sure about that? I'm pretty certain that x64 has executable and non-executable page flags...

          edit: found this quote on wikipedia

          "The No-Execute bit or NX bit (bit 63 of the page table entry) allows the operating system to specify which pages of virtual address space can contain executable code and which cannot. An attempt to execute code from a page tagged "no execute" will result in a memory access violation, similar to an attempt to write to a read-only page. This should make it more difficult for malicious code to take control of the system via "buffer overrun" or "unchecked buffer" attacks. A similar feature has been available on x86 processors since the 80286 as an attribute of segment descriptors; however, this works only on an entire segment at a time."

          https://en.wikipedia.org/wiki/X86-64

          thought so

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019