Windows - Bug or Backdoor?


nwco...@gmail.com

Jan 14, 2006, 11:45:43 AM
to nwconfig
WMF Vulnerability

>>>>> quote from Steve Gibson <<<<<<<<
Steve Gibson alleges that the WMF vulnerability in Windows was neither
a bug, nor a feature designed without security in mind, but was
actually an intentionally placed backdoor. "The way SetAbortProc works
in metafiles does not bear even the slightest resemblance to the way it
works when used by a program while printing. Based on the information
presented, it really does look like an intentional backdoor." There's a
transcript available of the 'Security Now!' podcast where Gibson
discusses this.
From Always on:
http://www.alwayson-network.com/comments.php?id=13527_0_6_0_C

Rest of Steve's explanation is here:
http://www.grc.com/x/news.exe?cmd=article&group=grc.news.feedback&item=60006
> conclusion <<<<
But since EVERY METAFILE RECORD starts out with a mandatory
four-byte record length, followed by a two-byte function code,
the smallest possible record is six-bytes, or a size of THREE
words. Therefore the use of a word-length of ONE is impossible.

It was put in there as a safety interlock to prevent the
misfiring of this backdoor in the event that some whacky
metafile would actually HAVE a needless (because it's not a
printer device context) Escape/SetAbortProc metafile record.

No...

The only conclusion that can reasonably be drawn is that this
was a deliberate backdoor put into all of Microsoft's recent
editions of Windows. WHY it was put in and WHO knew about it,
and WHAT they were expected to use it for ... we'll never know.
>>>>
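
The record layout the quoted conclusion relies on (a four-byte length counted in words, then a two-byte function code), as an added example that is not part of the original posts and not Gibson's code: a Python walker that flags Escape/SetAbortProc records and record lengths below three words. The function-code constants are taken from the published WMF format; the helper names and both sample files are constructed for illustration.

```python
import struct

META_EOF = 0x0000              # terminating record
META_ESCAPE = 0x0626           # Escape record function code (published WMF format)
SETABORTPROC = 0x0009          # Escape sub-function code (published WMF format)
PLACEABLE_MAGIC = 0x9AC6CDD7   # optional 22-byte placeable header
MIN_RECORD_WORDS = 3           # 4-byte length + 2-byte function code

def scan_wmf(data):
    """Walk the record list and return (offset, finding) tuples."""
    findings, pos = [], 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        return [(pos, "truncated header")]
    if struct.unpack_from("<H", data, pos + 2)[0] != 9:
        return [(pos, "unexpected header size")]
    pos += 18
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if func == META_ESCAPE and pos + 8 <= len(data):
            esc = struct.unpack_from("<H", data, pos + 6)[0]
            if esc == SETABORTPROC:
                findings.append((pos, "Escape/SetAbortProc record"))
        if size_words < MIN_RECORD_WORDS:
            findings.append((pos, f"impossible record size {size_words}"))
            break  # a malformed length gives no reliable next offset
        if pos + size_words * 2 > len(data):
            findings.append((pos, "record runs past end of file"))
            break
        if func == META_EOF:
            break
        pos += size_words * 2
    return findings

def make_record(func, params=b"", size_words=None):
    """Build one record; size_words overrides the computed length (constructed input)."""
    words = (6 + len(params)) // 2 if size_words is None else size_words
    return struct.pack("<IH", words, func) + params

# Constructed 18-byte standard header: type, header words, version, size, objects, max record, members
HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
# Constructed samples: a well-formed file, and one with the record shape the post describes (no payload)
CLEAN = HEADER + make_record(0x0103, struct.pack("<H", 8)) + make_record(META_EOF)
SUSPECT = HEADER + make_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0), size_words=1) \
    + make_record(META_EOF)

if __name__ == "__main__":
    print(scan_wmf(CLEAN), scan_wmf(SUSPECT))
```
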

nwco...@gmail.com

Jan 14, 2006, 11:48:40 AM
to nwconfig
[This followup was posted to grc.security, grc.securitynow and a copy
was sent to the cited author.]

The following article was posted to the NIST.org website. I thought
you might be interested (see
http://www.nist.org/news.php?extend.55 for the whole thing).

Here is how it starts:

"Thank you Microsoft for blessing us with a patch to fix the products
you currently sell. The products that compete with Linux and Macintosh.

Excellent job at diverting our attention away from the fact that
Windows 95, Windows 98, Windows 98SE, Windows Millennium Edition, and
Windows NT4 remain vulnerable. Neat trick convincing people that "the
vulnerability is not critical because an exploitable attack vector has
not been identified that would yield a Critical severity rating for
these versions."

John H.
NIST.org

nwco...@gmail.com

Jan 14, 2006, 12:07:29 PM
to nwconfig
Back Door tester

Download our "KnockKnock" backdoor tester

http://www.grc.com/miscfiles/KnockKnock.exe

I know it's an exe file.... It is put out by the makers of SpinRite,
who say... "Leo and I carefully examine the operation of the recently
patched Windows MetaFile vulnerability. I describe exactly how it works
in an effort to explain why it doesn't have the feeling of another
Microsoft "coding error"
You can read before you download.
There is also an audio broadcast here:
http://grc.com/default.htm
