Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Code Reuse Causes Problems

As alluded to in the pre-advisory for Microsoft's April Security Patch Release, at least one patch that was released points to significant code reuse between the different versions of Windows, including all versions released since Microsoft's big move towards secure development cycles. The biggest indication of this can be seen with the GDI library patch, MS08-021, which replaces MS07-046, which replaced MS06-001. What this patch points to is ongoing vulnerabilities in a library that first came to prominence with the WMF vulnerabilities in the week of Christmas, 2005. Since that time, Microsoft have released Windows Vista and Windows Server 2008, both of which are vulnerable to the two critical vulnerabilities patched by MS08-021, including one WMF image handling vulnerability.

Microsoft has been criticised in the past for failing to adequately patch vulnerabilities , where they have been forced to release multiple patches to address a single set of core issues that failed to be adequately patched the first time. When a new patch includes a patch for a WMF vulnerability from the same library that has had major vulnerabilities affecting it in the past, it is strongly suggestive of a lack of adequate code review and application of secure development practices when integrating support for existing files and formats in new Windows releases.

It should come as no surprise that Symantec raised their threat level to Yellow not long after the release of Microsoft's patches, apparently in response to attempts to exploit the GDI vulnerabilities. It would come as no surprise if hackers were digging through their previous collection of WMF-related vulnerabilities to see what was still available (or if the old exploits would still work / work again).

13 April 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.