No WMF Exploit - If you have DEP capable CPUs and DEP enabled

Saucy Lemon

glee wrote:

If you want to be negative about something, you can cook up all the
scenarios you want. Fact of the matter is that the new CPUs and Windows
DEP really boost the defence against exploits big time. They do not
eliminate all threats, no, but they are a solid advance. Some people and
businesses might want to take advantage of this technology because their
data's security is valuable to them.
 
glee

? Not "being negative"... I agree with the advantages of hardware DEP. I am giving
you the scenarios I see in practical reality "in the field", as you seem to be
overlooking them in your zeal over the technology.
 
cquirke (MVP Windows shell/user)

On Thu, 5 Jan 2006 20:56:51 -0500, "Saucy Lemon"
Actually, Windows 98 is affected. The risk is not "critical" as the attack
vector is not the same for Windows 98.

From what I gather, there are two factors in this exploit; a by-design
stupidity, and a further code-level factor to exploit this. It seems
that the first is not in itself all that is required to exploit.

The by-design stupidity is inherent in the WMF file format, so
anything that interprets WMF would be affected - and that includes
Win9x, in that the OS, or subsystems added to it (IE, MS Office) can
process WMF files as designed. These are, after all, the standard
file type for MS Office clipart.

It may be that the second factor has not been found in Win9x, i.e. that
all current exploits of the by-design defect rely on additional code
(such as the fax viewer .DLL) that is present in XP etc. but not Win9x.

However, it's also possible that MS is playing with the semantics of
"critical" in the context of Win9x. One of the last remaining support
obligations to Win9x is to fix "critical" defects, designed as
facilitating an outbreak of a "worm".

If you define "worm" as narrowly as a clickless attack that can spread
through PCs purely as a consequence of being online, then Win9x is far
more resistant to that because it doesn't wave a ton of "network
services" at the Internet for any passing worm to take a shot at.

If WMF exploits were to facilitate such worms on Win9x, MS might be
obliged to fix the defect on Win9x. So it's easy to see why any
excuse might be seized to consider the exploit "not critical" in Win9x.

Besides, more generally, Windows 98 is vulnerable to buffer overrun
exploits of various sorts, something which a hardware and software
upgrade could preclude and should probably be considered by
Windows 98 users.

That sounds like FUD, pure and simple. Is the OS always to be the
lifespan-limiting "weakest link" in system design? If so, should this
be tolerated by consumers, when it forces otherwise-satisfactory
systems to be replaced? Should product defects be harnessed to drive
new sales of the product's replacement from the same vendor?

There are ethical as well as technological questions here.

When I posted the original post, I did so with the fact in mind that Windows
98 is potentially vulnerable - so I think it is OK to have cross-posted to
the Windows 98 'general' group. And I'm not going to stop cross-posting now
this far into the thread, especially since you saw fit to both comment and
crosspost yourself.

I think the problems arise when fixes relevant only to XP come up,
such as DEP. There's no point in mentioning those in a Win9x group.


---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
 
Marianne B.

You're sure on a roll today - giving that keyboard quite a workout.

Thanks for the insightful summary and analysis.

M.B.
 
