WMF and RTS games on Xbox360
Wow, thanks for all the great feedback on the MSRC blog entry. I'm glad people liked the detail and history on the issue. Again, special thanks to the SWI guys, as well as Raymond Chen and Larry Osterman, for the historical context and nitty-gritty technical detail.
WMF is a different issue than the normal "coding flaw", and I think that's what people are latching onto: it's a software feature being used in an unintended way, giving rise to the attack vector. This happens from time to time, and it's much harder to catch than code that uses unsafe functions or trusts that no one will try to abuse an input buffer. In a way, it reminds me of the user:password issue we ran into with Internet Explorer, where people were exploiting that functionality to fool web users into visiting malicious sites. There, as we have before, we deprecated the unsafe functionality.
And I think, because of the breadth of the code base (Windows 9x is one set of code, and Windows NT/2000/XP are actually three sets of code, but all four intermingle code), each OS handles it in different ways. You get oddities like 9x not processing the SetAbortProc record and not having an application by default that opens a path to the vulnerability.
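Since the post mentions the SetAbortProc record without showing what it looks like on disk, here is an added example (not code from the original post or from Microsoft) that walks the record list of a WMF file and flags any META_ESCAPE record whose escape function is SETABORTPROC. The record layout and constants (META_ESCAPE = 0x0626, SETABORTPROC = 0x0009, the optional placeable header key 0x9AC6CDD7) come from the MS-WMF format specification; the sample file is constructed inline for the demonstration and carries filler bytes, not a payload.

```python
import struct

# Constants from the MS-WMF specification.
PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable (Aldus) header
META_ESCAPE = 0x0626         # record function number for META_ESCAPE
META_EOF = 0x0000            # terminating record
META_SETMAPMODE = 0x0103     # an ordinary, harmless record used in the sample
SETABORTPROC = 0x0009        # escape sub-function that installs an abort procedure


def parse_records(data):
    """Yield (offset, function, parameter_bytes) for each record in a WMF byte string."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22  # skip the placeable header; the standard header follows it
    # Standard header: Type(2) HeaderSize(2) Version(2) Size(4) NumObjects(2) MaxRecord(4) NumMembers(2)
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    header_size_words = struct.unpack_from("<H", data, off + 2)[0]
    off += header_size_words * 2
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)  # sizes are in 16-bit words
        size = size_words * 2
        if size < 6 or off + size > len(data):
            raise ValueError(f"bad record size at offset {off}")
        yield off, func, data[off + 6:off + size]
        if func == META_EOF:
            break
        off += size


def find_setabortproc(data):
    """Return file offsets of META_ESCAPE records whose escape function is SETABORTPROC."""
    hits = []
    for off, func, params in parse_records(data):
        if func == META_ESCAPE and len(params) >= 4:
            esc_func, _byte_count = struct.unpack_from("<HH", params, 0)
            if esc_func == SETABORTPROC:
                hits.append(off)
    return hits


def build_record(func, params=b""):
    """Serialize one WMF record: Size(4, in words) Function(2) parameters."""
    assert len(params) % 2 == 0, "WMF records are word-aligned"
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_sample(with_escape=True):
    """Constructed sample WMF (not a real-world file): map mode, optional escape, EOF."""
    records = build_record(META_SETMAPMODE, struct.pack("<H", 1))  # MM_TEXT
    if with_escape:
        # SETABORTPROC escape with four filler bytes where a real file would carry data.
        esc_params = struct.pack("<HH", SETABORTPROC, 4) + b"\x00\x00\x00\x00"
        records += build_record(META_ESCAPE, esc_params)
    records += build_record(META_EOF)
    total_words = (18 + len(records)) // 2
    max_record_words = 7 if with_escape else 4
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, total_words, 0, max_record_words, 0)
    return header + records


if __name__ == "__main__":
    for flag in (True, False):
        sample = build_sample(flag)
        print(f"with_escape={flag}: SETABORTPROC records at {find_setabortproc(sample)}")
```

On the constructed sample the escape record sits right after the 18-byte header and the 8-byte map-mode record, so the scanner reports offset 26; with the escape omitted it reports nothing. A real scanner should also bound the record loop by the header's Size field and treat a missing META_EOF as suspicious, since malformed files are exactly what a parser under attack sees.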
Believe me, if we could go back in time and prevent the vulnerability from occurring, we would have. But of course that's true of any vulnerability, whether it's based on functionality that we didn't see could be misused or based on a coding flaw. In this case it was just old design. With 20/20 hindsight, it was bad design. People may say "this shouldn't have been missed! It's unbelievable to me that this was missed!" My reply back to that is "You're right. Nothing should ever be missed, ever. But software authors are human." It's not the perfect world we would like it to be. Hindsight is 20/20, as I already mentioned, and we have moved to correct the problem.
So how, then, did this get missed? Well, again, a lot of our focus has been on restricting the use of unsafe functions, making sure coding flaws or unsafe practices don't creep into the code, and addressing areas where they already exist. There's been a ton of progress there. But we do have our SDL process, and that process is an ever-evolving one, so we're making changes to it to try to catch these instances. We do a root cause analysis on all vulnerabilities to understand the problem, learn from it, and correct it.
Anyway, again, I appreciate the feedback on the post.