funsec mailing list archives
RE: Russinovich: Inside the WMF 'Backdoor'
From: "Greg Wroblewski" <Greg.Wroblewski () microsoft com>
Date: Thu, 19 Jan 2006 10:04:32 -0800
He missed one thing: the "backdoor" only works in some applications and some attack vectors (for example, in IE with the <IMG> tag it does not work). The fact that your application handles WMF files does not make you automatically vulnerable. That would be a lame backdoor IMO.

Greg

========
This posting is provided "AS IS" with no warranties, and confers no rights.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Fergie
Sent: Thursday, January 19, 2006 7:19 AM
To: funsec () linuxbox org
Subject: [funsec] Russinovich: Inside the WMF 'Backdoor'

Mark writes over on the SysInternals blog:

[snip]

Steve Gibson (of SpinRite fame) proposed a theory in his weekly Thursday-night podcast last week that if true, would be the biggest scandal to ever hit Microsoft - that the Windows Metafile (WMF) vulnerability that drew so much media attention last month is actually a backdoor programmed intentionally by Microsoft for unknown reasons. Slashdot picked up the story the next day and I received a flood of emails asking me to look into it. I finished my analysis, which Steve aided by sending me the source code to his WMF-vulnerability tester program (KnockKnock), over the weekend. In my opinion the backdoor is one caused by a security flaw and not one made for subterfuge. I sent my findings to both Steve and to Microsoft Monday morning, but because the issue continues to draw media attention I've decided to publicly document my investigation.

[snip]

Much more here: http://www.sysinternals.com/blog/2006/01/inside-wmf-backdoor.html

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.