Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say Any celebrations that Microsoft's out-of-band patch had put a stop PrintNightmare shenanigans may have been premature. The emergency update turned up yesterday for a variety of Microsoft operating systems; little-used products like Windows Server 2012 and 2016 were excluded from the interim release. While it initially …
- What would you want to fix today?
- A print spooler, please
- Here is a selection of open source codes, that look like may fix the issue, sir
- Which one do I choose?
- I suggest you gather your entire team and vote!
- Unfortunately we have a split vote. What should we do?
- Release each one and increase the telemetry. These are quality remixed open source codes, something must work!
- Sure thing, copilot!
(day later)
- Morning copilot! We have listened through telemetry and volume of moans rose by 55% and the current rate of fcks per minute is 15320. Some users also were found swearing and looking for their credit card, they are buying Macs! What do we do!?
- Okay folks. Let me see if I the secret model trained on private repositories is done. Hopefully, we can lift some professional source codes!
...
(of course this is just my imagination and this has not happened)
When were your bugs fixed in some other flavour of unix and when did M$ fix theirs or as your suggestion of "longest standing bugs" have they even bothered yet?
Also this particular "bug" has been around in windows so long that admins were using it as a feature to bypass security, strange that such a well known problem remained in so many versions of windows
Bearing in mind how anti-UNIX Dave Cutler was at the time, I think it is you who is mistaken.
Of course, you may be under the impression that BSD is UNIX, and in some ways it is, but it is not, nor has it ever been UNIXtm (Please note the trademark, as I am talking about the genetic UNIX code and branding, not the wider UNIX ecosystem).
The SCO tie up is not the The SCO Group that everyone now associates it with, but the original Santa Curz Operation. This was originally a UNIX Edition 7 port, which Microsoft had a license to use but did not sell directly, but as most people associate the TCP/IP code in Windows as the most likely ripped off code, and Edition 7 was a pre-networking release of UNIX, that code would have come from BSD.
Microsoft's pre-WindowsNT plan was to sell desktop DOS and Windows 2 and 3 systems clustered around servers running SCO Xenix. I can't remember why they changed, but they and IBM decided to change the model to Windows desktop clustered around OS/2 and then when IBM and Microsoft fell out, WindowsNT, which is where Dave Cutler came in after leaving the Digital Equipment Corporation.
Before AT&T spun off UNIXtm, they were very careful about making the code available to other parties, because of the US DOJ judgement about them.
Well, I've been using Linux for 24 years and I haven't had a virus, adware, trojan, worm, ransomware, or any other malware in that time ... feel free to narrow your arbitrarily vague caveat to specifically when I should be concerned and utterly afraid of the conceptually possible, pending doom.
True, but that exploit, primarily fruitful against servers because the attackers had time to collect information, was not platform-specific and affected all OSes equally. Choosing to use a more secure OS does not render my computer or data wholly immune or impervious from harm, it only makes it [significantly] more secure than the lesser option. Still, I haven't had to install antivirus or anti-malware software in over two decades. I open and use files I know to be infected with Windows-based exploits, they don't affect and I have no concern for my system or files. I don't pass them to others, but I don't worry for my system. Unfortunately, users of the major proprietary OSes cannot do or say the same. I spend 100 hours / week working on fixing, cleaning, updating, recovering data from mostly Windows-based computers; what a pain and waste of money and time fixing something when there's a better option ... of course, I don't mind too much, I get the satisfaction of helping someone and the fair compensation for the work.
Only if you can configure it properly. I've seen some diabolically set-up Linux machines in my time, that were wide open to attack, used weak passwords etc.
Linux has advantages, sure. But you can still completely balls it up and make Swiss cheese out of its security.
The best was a company that, in 2016, was still using SUSE Linux 7.0 (September 2009), because, well it is Linux, so it isn't vulnerable to attack... On turnkey systems it was selling to all its customers! They only changed, once they could no longer get an RAID Adapter with Kernel drivers for such an old Kernel!
The same here, well, over 34 years of Windows and never had a virus, adware, trojan, worm, ransomware or any other malware in that time. Apple System/Mac OS/OS X/macOS, the same.
I've only been using Linux since 2001, but it has a clean record as well, even though there is Linux related malware out there, just look at the IoT infiltration malware out there, where most of those IoT devices use Linux...
iOS and Android even shorter time, but no infections.
Just because you haven't been bitten, doesn't mean that there isn't malware for a platform out there, in the wild. The Western Digital NAS debacle last week, anyone?
If you secure your device and are careful, what you do with it and where you go etc. you can minimise the risk, but the risk is still there, regardless of the platform.
The default configuration, of having the primary user an administrator, on Windows is as shambolic today, as it was 20 years ago, when XP came out. But anyone with any sense leaves that account for admin purposes and uses an user account for everyday use.
We are domain admins, but we use non-domain administrator domain accounts for every day work and we don't even have local administration privileges on our own PCs. We have to use a separate administration account, when we want to install something or change the configuration, just like we do on our Linux boxes.
And I use that at home as well. My main Windows PC is used with a standard user, with an administration account in the background for administration purposes only. The same on my home Linux boxes.
First off the Print Spooler service should not be on by default that is just stupid.
Secondly I assume that "little used" in relation to server 2016 is a joke.
Releasing a patch for an in the wild exploit as part of the monthly updates, which are released a week early is just plain dumb, this should have been a seperately released patch that woudl at most need a spooler service restart to apply to a few print servers, rather than needing restart a bunch of business critical servers to apply the full monthly update.
Phrases like headless chickens and muppets spring to mind.
If it helps, they released the 2016 patch this morning, less than 24 hours after the other ones.
To Microsoft's credit, this is an out-of-band release being done because some careless Chinese infosec's released the PoC early - if they hadn't done so, all the releases would have come next Tuesday on the same day.
Wonder if the service will be default stopped in future builds, doubt it though its probably critical for network discovery to display icons that look like the printer your aiming at.
Can imagine the design meeting...
"we could write a new service to pull icons from the net"
"nah let's just use the remote driver installer running by default as it's always there"
"the remote what?, even on home editions??"
"yeah you know the Swiss army knife crafted by the legendary NT druids"
... Blank looks...
"the print spooler!!!"
"oh that's a good idea, it's amazing how the foresight of the ancients transcends the paradigm shift of the office and Internet, all hail the ancients"
They'll probably fix it the same time the fix the Windows Store apps from opening up a thousand firewall rules for apps that aren't even listening on ports. Don't hold your breath. But, Microsoft says you can't run Windows 11 on your current hardware because they are REALLY concerned about security. What a laugh.
Okay, the existence of the bug doesn't worry me. Things like that happen.
The nature of a quick fix not being sufficient doesn't worry me. They were on an emergency schedule, I would hope, so they needed to push something out.
What worries me is the thinking process behind "Hey, we'll just check if it's a remote file by looking for an initial character string in the filename".
That's a worrying, and dangerous, view of the thinking of whoever was responsible for fixing it. That's not how you patch a major worldwide security problem, not even on an emergency rapid scale.
And then you have the entire "your servers are vulnerable because they all run Print Spooler Service 24/7 by default, even if you don't have a printer, and it'll be totally open to the local net" thinking.
The initial bug may well be forgivable, but the CLASS of bug - in both the first place, and in the patch - are unforgiveable.
"That's a worrying, and dangerous, view of the thinking of whoever was responsible for fixing it. That's not how you patch a major worldwide security problem, not even on an emergency rapid scale."
It almost sounds as if it might be old code and there's no one left there that actually know how it works any more.
What worries me is the thinking process behind "Hey, we'll just check if it's a remote file by looking for an initial character string in the filename".
That's a worrying, and dangerous, view of the thinking of whoever was responsible for fixing it. That's not how you patch a major worldwide security problem, not even on an emergency rapid scale.
I bet someone's testing NTFS remote symbolic links as we speak.
\\server\resource -is- UNC, isn't it.
Ah well, my practice is to avoid exploring for more details about how computers can be hacked, in case what I find is a web page that hacks my computer. Or, links to fake patches. I just wait for the real patches to arrive. And then, the other real patches which also actually work against the problem and also cabbage don't carrot insert cauliflower vegetables potato every leek second tomato word. Broccoli.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
