It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether. Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to …

By the time I read this, it was waiting to be installed.

3
1
Anonymous Coward

And that's the last we'll see of you for a few hours.

33
3
Silver badge

And there'll be a bunch of new zero-days to deal with

Just applying patches seems to trigger the vultures to unleash their latest.

Who's really driving this train? It doesn't seem to be the engine or pilot - it seems to be some of the secret passengers who are hoping for a crash.

7
0
Anonymous Coward

Crap by (lack of) design.

10
5
Anonymous Coward

By the time I read this, it was waiting to be installed.

Yeah, it's always nice when I can start the day with doing paperwork because my work system is wasting power and bandwidth performing yet-another-f*cking-update. Thank God we haven't managed the paperless office yet or I'd be sitting there for a couple of hours.

I can recall the days when someone was selling us a Windows update with the statement that it would increase our productivity. I note with interest that they're very careful to avoid that argument now.

13
6
Silver badge

>Windows update ... increase our productivity.

Perhaps MS have quietly gone into reverse, with all the claims that people are spending too much time glued to their computers, MS, through the Windows Update service, are providing opportunities for people to take breaks and do other stuff...

8
0
Facepalm

Future headlines

You don't have to be a future telling savant to know that one of the prominent Microsoft related headlines appearing in The Register in the next few years will continue to be:

"It's 20XX... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too"

It *will* save a lot of work for the editor, mind you.

Just has to copy/paste and then replace XX with the proper number.

In any case, just like with this one headline, absolutely no one will be surprised and (uncanny beyond belief) quite a few members of the ElReg readership will be wondering why it takes so long to patch their (still) vulnerable MS install.

Cheers.

2
1

Re: Future headlines

2XXX

FTFY

5
0
Gold badge

Re: 2XXX

No way will we need that third X. Microsoft have no new products that look capable of sustaining their historic position within the industry. They've given up on "devices" and they've largely lost on servers. They survive on desktops on the strength of their ability to run programs from a decade or so ago, but the result of *that* is that the current version of Windows is almost crushed under its own weight of back-compat crap.

They aren't dead yet, but in 2025 we may look back at 2017 and say "Yeah, the signs were already there.".

And to the naysayers who point to the cash pile I say just that it is all virtual money and another company (probably not Apple, Google or Amazon, although they are probably big enough) will eventually have a big enough pile of its own to *buy* Microsoft for its IP and promptly shut down the day-to-day operation as an act of mercy.

4
0
Anonymous Coward

My IT department will roll this out in the next 3 months or so, totally oblivious that windows security is total dogshite, actually believing there is some security benefit rushing into a windows 10 rollout that end users hate.

1
0
Silver badge
Unhappy

Re: 2XXX

"They survive on desktops on the strength of their ability to run programs from a decade or so ago"

for now. Until they decide to abandon Win32 support and go "UWP only".

just wait. they'll do it. they've got their foot targeted, and are ready to pull the trigger...

1
1
Anonymous Coward

Disgorge

Microsoft spew again in to the bucket that is Windows. No wonder it smells, 30 ( THIRTY ) years of vomit needs one big malodorous bucket.

Running Windows is negligent, maybe the next big hack "victim" will sue MS as their crap no doubt will feature prominently in the corporate rampage.

Feel free to down vote lemmings, but be sure to open your eyes lest you press the up vote icon.

25
18
Bronze badge

Re: Disgorge

"Microsoft spew again in to the bucket that is Windows. No wonder it smells..................................... etc. etc. etc.etc.etc."

Soooooooooooooooooooooooooo Tedious

you need to up the dosage mate

13
22
Silver badge
Linux

Re: Disgorge

Soooooooooooooooooooooooooo Tedious

Not as tedious as the MS fanbois etc defending something that should be indefensible.

In 1995, when the net was just starting to come to life, this stuff might have been forgiveable. But by now any decent SW company knows not to write code that allows the opening of a document to take control of a computer.

you need to up the dosage mate

Would love to know what you're taking that lets you sleep at night while you're defending this garbage.

(Oh, seems to set you off so : mickey$oth, windoze, losedoze, microsucks, M$ etc etc etc... Hope you have a padded cell nearby...)

0
0
Silver badge
Devil

Exploitable flaws in TPM

Delicious

18
1
LDS
Silver badge

Re: Exploitable flaws in TPM

Just look at all the bugs and design flaws in SSL...

2
0
Silver badge

Re: Exploitable flaws in TPM

Over the years... the average is 0.something per year.

3
0
Flame

Old vs New Bugs

Every new patch from MS recently seems to break something else.

We spend the days after patching fixing or reverting machines.

I get the feeling that they do not test as thoroughly as they used to.

14
2
Thumb Down

Re: Old vs New Bugs

I get the feeling that they do not test as thoroughly as they used to…

That’s your job now, as a customer. Welcome to Agile.

13
1
Anonymous Coward

Re: Old vs New Bugs

I get the feeling that they do not test as thoroughly as they used to.

FIFY :)

12
1
Silver badge

Re: Old vs New Bugs

Blame the lack of interest in Windows X for that... After all that's where most of the Alpha / ßeta team now sit. Saving M$ undoubtedly countless ¥€$ on internally testing their Software.

1
2
Silver badge

Re: Old vs New Bugs

Testing?

Microsoft laid off the quality control section about 3 years ago.

Not that there was all that much quality to start with.

6
2
Silver badge
Unhappy

Re: Old vs New Bugs

"I get the feeling that they do not test as thoroughly as they used to."

they don't test at all. they fired their testing staff 2 years ago, during the insider program for Win-10-nic. They're entirely relying on 'insiders' and people who get the first run of patches. that's why there are forced updates, to make SURE they get their patches tested by the unfortunate saps who risk bricking their new, shiny machines that came with Win-10-nic.

2
1
Anonymous Coward

"scripting engine in Internet Explorer and Edge"

Same shitty browser, different icon.

23
4

It's 2017....

And this is still news.

19
2
Silver badge

Nice sub-title

-But at least there's no Flash update (not this week, anyway)-

But a bit optimistic. It's only the middle of the week! ☺

14
0
Silver badge
Stop

Another week and get to go through the same ol' dance steps. Test, install, fix again, then it's the start of a new week.

Oh look, a new set of critical patches for Windows.

<Sigh>

13
2

The NeverEnding Story Continues...

I was watching George Pal’s 1960 movie of H.G. Wells’ The Time Machine the other day and I couldn’t help but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D.?

Not as far fetched as it may seem, in my opinion.

7
3
Silver badge

Re: The NeverEnding Story Continues...

but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D.?

That is one job the morlocks do. But you know the price...

12
1
Silver badge
Linux

Re: The NeverEnding Story Continues...

Yeah, but they're eating Windows users.

17
3

Re: The NeverEnding Story Continues...

And it will still be the same Windows from today with continued updates. Microsoft isn't ever going to write a completely new OS. LOL.

8
0
Silver badge

Re: The NeverEnding Story Continues...

Hopefully MicroSoft would have rolled over by then.

2
1
Silver badge

Re: The NeverEnding Story Continues...

That is one job the morlocks do. But you know the price...

Windows 'ate' finally popular.

3
0
Facepalm

Re: The NeverEnding Story Continues...

"I couldn’t help but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D."

Of course we will, it might not be Windows, but every operating system needs patched and will do into infinity (and beyond)

0
1
Silver badge
Trollface

Re: The NeverEnding Story Continues...

"wonder if we’ll still be patching Windows security issues in the year 802,701 A.D."

Win-10-nic, the Morlock version

1
1
Silver badge
Coat

Re: The NeverEnding Story Continues...

And it will still be the same Windows from today with continued updates. Microsoft isn't ever going to write a completely new OS. LOL.

At least they're consistent.

0
0
Silver badge
Coat

Re: The NeverEnding Story Continues...

"wonder if we’ll still be patching Windows security issues in the year 802,701 A.D."

Win-10-nic, the Morlock version

Is that a contraction of "More Lock" as in "even more M$ lock-in"?

0
0
Silver badge

Fonts and Windows..

I had the error message "a TrueType font caused a general protection fault in the module setup.exe" when installing Windows once. Must have been Win98 (SE?).

9
0
Bronze badge

Re: Fonts and Windows..

"I had the error message "a TrueType font caused a general protection fault in the module setup.exe" when installing Windows once. Must have been Win98 (SE?)."

I had similar to that installing Win 98 last year ..... after a failed hard drive trashed the disk and the backup of it had been lost under a deluge of sea water 2 years previously..... it was the fish in the open backup safe that did it.

4
0
Silver badge

force regeneration of previously created weak TPM keys

So these updates come with some extra homework.

4
0
Silver badge
Joke

Re: force regeneration of previously created weak TPM keys

"So these updates come with some extra homework."

Please, Miss, Windows ate my homework.

3
0
SVV
Silver badge

Who designed this then?

"visiting a website or opening a file with a specially crafted embedded font can cause malware within the font data to run and hijack the PC."

How the hell did you design an OS that lets programmers embed code in a FONT?

4
4
Silver badge

Re: Who designed this then?

How the hell did They design an OS that lets programmers embed code in a FONT?

also

Why the hell did They design an OS that lets programmers embed code in a FONT?

6
2
LDS
Silver badge

Re: Who designed this then?

That's what's needed to have nice looking fonts able to scale on any output device, unluckily. People would complain about bitmap fonts enlarged for their 4K display, I'm afraid.

Anyway, in fonts like TrueType the culprits are both Apple and Microsoft - actually the hinting engine was an Apple patent. But other font rendering engines are not that different.

The real issue is not that fonts have code inside - it's how safe the rendering engine processing that code is. And still, the rendering pipeline must be very fast, or people will complain if font rendering is slow.

9
0

Re: Who designed this then?

Why the hell did They design an OS that lets programmers embed code in a FONT?

The TrueType engine contains an interpreter that executes its own instruction set to adjust how fonts are rendered at different sizes on different resolutions. It's a complex process. The 8 x 8 grid of bits is long gone!

https://www.microsoft.com/en-us/Typography/SpecificationsOverview.aspx

☐☐☐☐☐☐☐☐
☐☐◼︎◼︎◼︎◼︎☐☐
☐◼︎◼︎☐☐◼︎◼︎☐
☐☐☐☐◼︎◼︎☐☐
☐☐☐◼︎◼︎☐☐☐
☐☐☐☐☐☐☐☐
☐☐☐◼︎◼︎☐☐☐
☐☐☐☐☐☐☐☐

3
0
Silver badge

Re: Who designed this then?

Not just a font.. but the processing of that font was a kernel function.

Microsoft IS supposed to have moved it out of the kernel... finally, but it may still have privileges...

3
0

Re: Who designed this then?

Blame Von Neumann's stored program concept, if computers had totally separate data and executable storage this wouldn't be a problem. But as such, all the data on your computer MIGHT be a program.

2
0
Silver badge

Re: Who designed this then?

You write it in C/C++ of course. Keep up.

0
0
Anonymous Coward

"if computers had totally separate data and executable storage"

Actually, x86 protected mode can define what memory segments are for (executable, readable, writable....) - just no mainstream OS ever used them because of the complexity. AMD even removed the feature in x64. Just, it is what is needed now to write secure systems.

Anyway, fonts today are a sort of program - its execution should be strictly controlled, though. Again, the Intel four ring model would allow for better separation of privileges, but again nobody used it, because most CPUs had only two rings (and anyway, ring transitions are costly).

In a four ring model you could have the true kernel running at ring 0, for example, while I/O could work at ring 1. It could still directly access the hardware (with a proper IOPL setting), but would not be able to access and modify ring 0 data.

One day those features will be sold as a new, great breakthrough in computer security.... just like the cloud mainframe model looks so "disruptive"...

3
0
Bronze badge

VN Blaming.

Von Neumann gets both too much credit ("accidentally" circulating a group report with only his name) and too much blame. For two reasons:

1) The machine described in the (in)famous paper was to an extent "tagged". That is, each word had a bit (the setting of which was left as an exercise to the reader, but was part of the program loading process) to distinguish instructions from data. Not some modern sort of "throw an exception far enough up that the code that finally catches it knows sod-all about the context", but "If you store to an instruction, only allow the address part to be modified" and "If you execute data, treat it as a 'load immediate'". Instruction modification was needed because B-Boxes had not yet been invented in the UK, nor (as index registers) patented by IBM in the US.

2) Even doing a stronger separation of code and data (e.g. the NX bit fixing the elision of segment-based control on the way to pages) gets you only so far. Your JVM may be immutable code, but it will be interpreting "data" (byte-codes) from who knows where, manipulating other data, probably all in one bit-soup "for efficiency".

If you want _real_ separation, look into the Fairchild Symbol Computer. Even the compiler was "hardware".

0
0
