Steve Gibson says WMF vulnerability might be an intentional back door

Conspiracy theorists will be dancing for joy if they listen to the latest installment of the Security Now! podcast with Steve Gibson and Leo Laporte. Gibson tries to explain, in his unique way, how a forensic examination of the Windows Metafile code has led him to the conclusion that this vulnerability is nothing of the sort. Unlike typical coding errors Microsoft has had called to their attention in the past, Gibson states that the code execution capability the recently issued patch disables could not have been the result of a mistake. It's an undocumented "feature" he claims was introduced during the Windows 2000 era and exists in all subsequent versions of the operating system.

Is he right? I've read the transcript and listened to the podcast and it appears he has substantial evidence to support his claim. I am not a developer so some of this is a bit over my head but I'm enough of a geek to be able to understand the logic behind what he's saying. It would explain why Microsoft classified this as a non-critical vulnerability in older versions of Windows including 98 and Me.

Gibson says he will investigate further this week and report back on the next show whether his initial assessment is correct. And he and Laporte have extended an open invitation for someone from Microsoft to join them to rebut his claims. If this turns out to be true, it's quite a bombshell - especially in light of the fact that this alleged back door should have been discovered during the code audit Microsoft conducted some time ago. If it turns out he's wrong, Gibson has a lot of apologizing to do.

Here's the description of the podcast with links so you can listen for yourself:

Description: Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error." It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor." We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-022.mp3
Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-022-lq.mp3

UPDATE: Priceless banter on Channel 9 of the "Steve Gibson is a snake-oil salesman" variety in response to Gibson's claim. This could get very interesting. It's bound to be entertaining at the very least.

UPDATE 2: The definitive explanation from Stephen Toulouse at the Microsoft Security Response Center blog via Scoble.