funsec mailing list archives

Re: Black screen

From: Alex Eckelberry <AlexE () sunbelt-software com>
Date: Fri, 4 Dec 2009 06:17:20 -0500

A worthwhile overview:

http://blogs.zdnet.com/Bott/?p=1575


Alex
 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Nick FitzGerald
Sent: Thursday, December 03, 2009 4:45 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Black screen

Robert Slade wrote:

Microsoft has announced, today, that they have absolutely no idea what 
the problem is, but it is *not* *their* *fault*.


As a news story, this started several days back:

   http://www.theregister.co.uk/2009/11/30/prevx_microsoft_black_screen/

   http://www.theregister.co.uk/2009/12/02/black_screen_u_turn/

but the actual story started about a week ago:

   http://www.prevx.com/blog/140/Black-Screen-woes-could-affect-millions-on-Windows--Vista-and-XP.html

Prevx has since withdraw its claims that the MS updates mentioned in that article are implicated at all:

   http://www.prevx.com/blog/141/Windows-Black-Screen-Root-Cause.html

...and it seems all the fuss is due to one part of Windows expecting that a (or "some" or "all" -- not quite clear) 
REG_SZ strings will be null-terminated as stored in the registry (or, at least, as output by standard regsitry query 
API calls), and the fact that the registry value setting API calls do not enforce null-termination of said REG_SZ 
string values.

Oh, and MS has known about this for a long time...

At a minimum, read the second Prevx item linked above for some of the juicy technical details.  It seems that 
SysInternals, among others, discovered the root cause of this problem several years ago.



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Black screen Robert Slade (Dec 03)
- Re: Black screen Larry Seltzer (Dec 03)
  - Re: Black screen Larry Seltzer (Dec 03)
- Re: Black screen Martin Tomasek (Dec 03)
- Re: Black screen Drsolly (Dec 03)
- Re: Black screen Nick FitzGerald (Dec 03)
  - Re: Black screen Alex Eckelberry (Dec 04)
- <Possible follow-ups>
- Re: Black screen Juha-Matti Laurio (Dec 03)