Linked by Thom Holwerda on Mon 16th Jan 2006 18:47 UTC, submitted by glarepate
Windows Microsoft has shipped the first critical security update for Windows Vista, the next version of its flagship operating system. Over the weekend, the company released patches for beta testers running the Windows Vista December CTP and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine.
Permalink for comment 87589
To read all comments associated with this story, please click here.
RE[6]: Roll Up! Roll UP!
by glarepate on Thu 19th Jan 2006 21:02 UTC in reply to "RE[5]: Roll Up! Roll UP!"
Member since:

Please, there is no way such a thing would get past so many people at MS.

This presumes that the so-called "backdoor" (I don't believe it either) wasn't designed in as part of the OS. Others believe differently about a different, so-called NSA, backdoor.

But if they have the policies, tools and skills in place to detect and prevent a backdoor from being included in their product (without it being put in there by corporate decision) why can't they detect and prevent the [insert huge but undefined number here] other security issues inhering in the system? To me this looks a whole lot like one of the many of ease of use features that were implemented with no regard to the security consequences.

So arguing that it can't be there because it couldn't "get past so many people at MS" is as unsupportable as saying that it may have been done by some rogue programmer. Possibly more unsuppportable since there is more than adequate proof in the form of admissions by MS that providing customers with more choices drove the inclusion of the ease of use bugs.

Based on analysis by others that points out that Gibson's assertion that only a specific impossible construction in the metafile could have triggered it is wrong and that even correctly formed metafiles could trigger the defect I still don't believe that it's a backdoor. But the "many eyes" of MS doesn't hold any water either.

Reply Parent Score: 1