Linked by Thom Holwerda on Wed 4th Apr 2007 21:07 UTC, submitted by jayson.knight
Windows "Hey Folks - this is Mike Reavey. We're all glad that MS07-017 - the Security Bulletin that fixes the vulnerability in Animated Cursor Handling - has been released, helping to block attacks on that vulnerability. While we released it within 5 days of being notified of attacks, we have received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability. I wanted to provide some insight into the history of this vulnerability, and while doing so, hopefully provide insight into the overall security update lifecycle, including testing, which consumes the greatest amount of time."
That's fast
by prymitive on Wed 4th Apr 2007 21:55 UTC
prymitive
Member since:
2006-11-20

"In this particular case, our investigation through January and February showed that there was a dependency between one of the files required to address a related vulnerability in a system driver that runs in kernel mode (win32k.sys) CVE-2006-5758 and the file that needed to be updated to resolve Windows Animated Cursor Handling vulnerability CVE-2007-0038 (user32.dll). That dependency meant a comprehensive update needed both files to be applied to systems at the same time, and our investigation included multiple components."


It took 2 months to find all bugs? They say they have hundreds of folks to test patches; how many people look for bugs?

Reply Score: 2

geez
by poundsmack on Wed 4th Apr 2007 22:02 UTC
poundsmack
Member since:
2005-07-13

I have no problem with MS taking a little while to make sure a good quality patch is released, but to take as long as they did only to rush it in the end is insane. Not to mention all the problems it is causing:

http://neowin.net/index.php?act=view&id=39249

Reply Score: 2

RE: geez
by Laurence on Wed 4th Apr 2007 22:39 UTC in reply to "geez"
Laurence Member since:
2007-03-26

I got the impression that the article was only posted on the blog site because people were commenting on how long it took to release and MS wanted to save face.

Reply Score: 2

MS is a victim
by yuvaraj on Wed 4th Apr 2007 22:14 UTC
yuvaraj
Member since:
2005-07-08

There are so many more people interested in cracking Windows than other OSes. In a way it is good for MS, as they get their job done by a larger community.

Reply Score: 1

Core of the OS?
by eantoranz on Thu 5th Apr 2007 01:32 UTC
eantoranz
Member since:
2005-12-18

Rendering of an icon goes deep enough that it becomes a part of the core of the OS??? Am I the only one that thinks that they should be ashamed of that design? Ugh!

Reply Score: 5

RE: Core of the OS?
by WinstonEwert on Thu 5th Apr 2007 02:08 UTC in reply to "Core of the OS?"
WinstonEwert Member since:
2005-07-06

Keep in mind that without actually knowing the design in more detail and understanding the motivations behind it, it's very difficult to be an accurate judge.

Reply Score: 4

RE[2]: Core of the OS?
by eantoranz on Thu 5th Apr 2007 02:23 UTC in reply to "RE: Core of the OS?"
eantoranz Member since:
2005-12-18

"Keep in mind that without actually knowing the design in more detail and understanding the motivations behind it, it's very difficult to be an accurate judge."


Look.. the day I see Operating Systems: Design & Implementation books used in a respectable university come with a chapter dedicated to icon rendering (???), we'll talk about being an accurate judge. :-D

Reply Score: 2

RE[3]: Core of the OS?
by jayson.knight on Thu 5th Apr 2007 05:25 UTC in reply to "RE[2]: Core of the OS?"
jayson.knight Member since:
2005-07-06

"Look.. the day I see Operating Systems: Design & Implementation books used in a respectable university come with a chapter dedicated to icon rendering (???)"

The day a university develops, releases, and maintains something as large and complex as Windows (or anything similar to the public domain), I'll let academia be the judge as to why MS chose to do things the way they did.

Like most other things in Windows that kind of make you go "WTF" it's gotta be related to backwards compatibility.

Reply Score: 5

RE[4]: Core of the OS?
by poundsmack on Thu 5th Apr 2007 08:21 UTC in reply to "RE[3]: Core of the OS?"
poundsmack Member since:
2005-07-13

"The day a university develops, releases, and maintains something as large and complex as Windows (or anything similar to the public domain), I'll let academia be the judge as to why MS chose to do things the way they did. "

Hmmm, come to think of it, there was that little thing called.... uh, what was it again..... the _______ Software Distribution..... oh wait!

http://en.wikipedia.org/wiki/BSD

:)

Reply Score: 2

RE: Core of the OS?
by PlatformAgnostic on Thu 5th Apr 2007 03:10 UTC in reply to "Core of the OS?"
PlatformAgnostic Member since:
2006-01-02

We're rendering the cursor here, not icons. This cursor is always displayed and in some cases the graphics card is involved in drawing the cursor. It stands to reason that drawing the cursor should be one of the core functions of the graphics server. In Windows, the graphics server partly runs in kernel mode (in win32k.sys), so in that sense it's in the core of the OS.

This does not mean that it's anywhere near the scheduler, or IO manager, or anything else that you'd consider fundamental to the OS. The icon handling code and cursor management is in the core of the windowing system, and most applications on Windows are graphical, so in a sense this is in the core of what applications use the most. And errors here are most noticeable to the user.

Where else would you propose to draw things like the cursor or to draw an icon but in the core of the GUI?

Reply Score: 5

RE[2]: Core of the OS?
by butters on Thu 5th Apr 2007 07:07 UTC in reply to "RE: Core of the OS?"
butters Member since:
2005-07-08

I would propose to draw cursors and icons in userspace, preferably in a process running without login privileges.

From the explanation here, I can only speculate that the actual rendering is done by a library routine in user32.dll, but it relies on the kernel to get the position of the cursor on the viewport and to copy the rendered bitmap into a kernel buffer. Specify a malicious animated icon, and the kernel might do bad things.

Again, this is just speculation, but this seems like a simple issue of not properly validating data from userspace, exacerbated by some core graphics code running in the kernel.

As for the 80 issues they claim to have found while developing the fix, I further speculate that many of these are silly complaints (including false positives) from their automated static analysis tool, PREfix.

Reply Score: 3

RE[2]: Core of the OS?
by dejf on Thu 5th Apr 2007 15:20 UTC in reply to "RE: Core of the OS?"
dejf Member since:
2007-04-03

Well, yes, but animation itself and its vulnerabilities scattered around two core files? I don't think that's okay.
Another thing is that they were testing changes in animated cursor for two months, those two months when the vulnerability was widely known to anybody interested. That worries me much more.

Reply Score: 1

RE: Core of the OS?
by CrazyDude0 on Thu 5th Apr 2007 15:30 UTC in reply to "Core of the OS?"
CrazyDude0 Member since:
2005-07-10

I agree. This seems so stupid. To make graphics faster, Windows moved tons of graphics code into a kernel mode driver called win32k.sys; as the name stands, win32 in kernel :)

This is the stupid stuff that people in Microsoft keep doing. Instead of solving real design or performance issues, people put hacks around them.

Look for superfetch in Vista: because they can't make Vista faster, they designed a patched solution called superfetch. Lame, I must say...

Reply Score: 2

DVD drives not working!
by SReilly on Thu 5th Apr 2007 08:26 UTC
SReilly
Member since:
2006-12-28

Man, this fix is a PITA! Ever since the installation, both my DVD drives need to be disconnected for my system to boot properly. Talk about screwing up!

Don't get me wrong, I'm happy(er) with MS's bug fix release cycle, it's certainly miles better than just a few years ago, but this is a major pain in the butt.

Guess I should have taken my own advice and waited for SP1 ;-)

Reply Score: 2

RE: DVD drives not working!
by sbergman27 on Thu 5th Apr 2007 18:05 UTC in reply to "DVD drives not working!"
sbergman27 Member since:
2005-07-24

This patch to the way cursors are animated, in the works for 3 months, which affects the very core of the operating system, has broken your ability to boot with DVD drives attached?

I'll certainly remember that one next time someone tries to convince me about how modular Windows is!

Edited 2007-04-05 18:07

Reply Score: 3

Fix
by ano69 on Thu 5th Apr 2007 12:44 UTC
ano69
Member since:
2006-07-07

The patch introduces many problems both in Windows and in some applications. It really seems that Microsoft rushed this one, considering the cold reception that Vista suffers.

Reply Score: 2