Mark Russinovich, the security researcher who found the Sony Rootkit, posted the results of his analysis of the Windows metadata flaw on his “Sysinternals” blog.

As expected, he concludes that the flaw was an intentional piece of design that turned out to be very poor and insecure–not an intentional, malicious backdoor as has recently been claimed.

In a case of the maxim ‘never find maliciousness where error will suffice’, Russinovitch notes:

The vulnerability is subtle enough that the WINE project, whose intent is to implement the Windows API for non-Windows environments, copied it verbatim in their implementation of PlayMetaFile. A secret backdoor would probably have been noticed by the WINE group, and given a choice of believing there was malicious intent or poor design behind this implementation, I’ll pick poor design.

Telling against the conspiracy theories is the simple fact that this part of the design of WMF is approximately 15 years old (or more). It was designed at a time when local networks for personal computers were rare, let alone widespread connection of just about every PC to the internet. At that time, local windows code was inherently trusted, and the internet as attack vector was just not on Microsoft’s radar.

Of course, it doesn’t speak well that it was missed for so long, during so many revisions of Windows (particularly when Microsoft made security its big thing nearly four years before this flaw was noticed).

4:48 pm - posted by . Categories: Tech
No Comments