.ANI Vulnerability Patch Breaks Applications

CmdrTaco posted more than 7 years ago | from the this-is-only-gonna-hurt-twice dept.

Security 164

Jud writes "Microsoft's fix for the .ANI vulnerability was part of Patch Tuesday yesterday. However, all is not well with the update. Reportedly, installing the patch will break applications such as Realtek HD Audio Control Panel and CD-Tag, which mentions they are affected by the problem on their main page. A hotfix is currently available from Microsoft, however their current position is this is an isolated problem and the fix is not planned to be pushed out through Microsoft Update."

164 comments

Hehe (2, Insightful)

Mateo_LeFou (859634) | more than 7 years ago | (#18604655)

"their current position is this is an isolated problem"

Weird, 'cause I hear about one of these stories almost every week. Isolated in what sense?

Re:Hehe (1)

ady1 (873490) | more than 7 years ago | (#18604717)

All the affected cursors are in sandtank with sand all over them. So yeah, they are isolated.

Re:Hehe (1)

krakelohm (830589) | more than 7 years ago | (#18606059)

What?

Re:Hehe (4, Interesting)

mwvdlee (775178) | more than 7 years ago | (#18604857)

They released a patch yesterday, discovered problems with it since yesterday then fixed it today. Yet you've been hearing about these problems for weeks?

Re:Hehe (1)

keisar (1084073) | more than 7 years ago | (#18604947)

He can foresee the future.

Re:Hehe (1)

bradkittenbrink (608877) | more than 7 years ago | (#18605175)

So where's the little star next to his name?

Re:Hehe (1)

Mateo_LeFou (859634) | more than 7 years ago | (#18605183)

"Microsoft Lost the Backwards Compatibility Religion

Inside Microsoft, the MSDN Magazine Camp has won the battle...."

From one of the best articles [joelonsoftware.com] a guy can read

Re:Hehe (3, Informative)

Anonymous Conrad (600139) | more than 7 years ago | (#18605709)

They released a patch yesterday, discovered problems with it since yesterday then fixed it today. Yet you've been hearing about these problems for weeks?
Actually, no, they did know about this ahead of time. From the MSRC blog [technet.com] :

The result of our comprehensive testing is that at the time of release, only one minor quality issue was known and guidance as well as a hotfix was ready for customers at the same time of release.
I'd guess they haven't had time to put the hotfix through the full test cycle yet but still needed to release the general fix.

Re:Hehe (1)

docrmc (551146) | more than 7 years ago | (#18606757)

"These problems" was used generally. As a matter of fact, to attest, I have been seeing Windows updates break svchost [microsoft.com] for over a month now. This update was no exception. Then, like now, MS delivered a fix. They just delivered the fix faster this time, and it actually works ('cause I have not proven their last "fix" [microsoft.com] did).

To be honest, I didn't even realize it was breaking other things because I was too busy fixing that problem to notice.

P.S. - most of the fixes for the Generic Host errors that I read online were convoluted. ...I swear some people never heard of F8... Just glad I won't have to go through that again with the 200-odd systems in front of me.

Re:Hehe (4, Insightful)

t0tAl_mElTd0wN (905880) | more than 7 years ago | (#18605093)

You know, it's really starting to get to me, everyone beating on MS all the time. I mean, when you're the biggest, a lot of times your flaws stand out easier. Really, so what if a bunch of geeks on their spare time can write a 3D interface which performs better, and existed much earlier than the product of ten times as many full-time professionals? So what if you can do awesome things like formatting an empty file with its own filesystem? I mean, a huge security vulnerability in animated mouse cursors, and then releasing a patch that breaks more than it fixes... that's a mistake anyone can make, right? Well... apparently except for Linux, Apple, Amiga, Palm, BSD, or... well, pretty much anyone else.

Sarcasm aside, how exactly did it come to pass that the guy who wrote the code for animated mouse cursors managed to open an "extremely critical" security vulnerability in the process... and then how did it become so important that fixing it breaks applications which relied on said bug?

I'm sorry, I'm not entirely 100% anti-MS (XBox Live owns, Visual Studio .NET is one of the best IDEs that I've ever used, etc.) but really, these are some mighty clumsy mistakes to be making considering the magnitude of some of their more powerful clients [slashdot.org] ...

Re:Hehe (1)

BlueTrin (683373) | more than 7 years ago | (#18606283)

Wow you got modded positively while defending MS, you might try to bash Linux a little bit the next time to check if we are assisting in a shift in /. base.

Re:Hehe (1)

BeansBaxter (918704) | more than 7 years ago | (#18606553)

I think you missed his sarcasm.

Re:Hehe (1)

BlueTrin (683373) | more than 7 years ago | (#18606609)

Nah I didn't miss it, he said a lot of true things about XBox Live! and Visual Studio ...

Re:Hehe (3, Interesting)

adisakp (705706) | more than 7 years ago | (#18606755)

"their current position is this is an isolated problem"

I have a fairly new Dell XPS600 (1 year old) and the update borked my machine due to the realtek program. I got some obscure message about how rtdcpl.exe was performing an illegal access trying to move some OCX DLL.

I was able to solve the problem by Google Searching and installing the MS hotfix. The only problem now is that "hotfix" makes it so I have to wait about 1 minute longer after I log in before I can access the internet. I used to be able to pop-up IE right away and surf but now if I do that, I get the error page for site not found for about 1 minute before things start working normally.

I don't know how isolated it can be since Dell alone has sold millions of PCs with Realtek audio chipsets.

Re:Hehe (0)

Anonymous Coward | more than 7 years ago | (#18607105)

Geez man look around you... It is isolated to windows...

Re:Hehe (0)

Anonymous Coward | more than 7 years ago | (#18607287)

What they mean is that it's isolated to Microsoft OSes only.

Craig

Other affected programs: Tugzip... (4, Informative)

semifamous (231316) | more than 7 years ago | (#18604669)

My archiving application of choice, Tugzip [tugzip.com] is also affected by this update and the mentioned fix took care of the problem.

Anyone's surprised? (3, Funny)

keisar (1084073) | more than 7 years ago | (#18604693)

Microsoft breaks something when patching something else? I'm surprised. Really. I am. No, really. I am.

Re:Anyone's surprised? (1)

Yetihehe (971185) | more than 7 years ago | (#18604891)

Oh really? Thats unposiible!

Re:Anyone's surprised? (1)

TheNetAvenger (624455) | more than 7 years ago | (#18604939)

Do you think that it is possible that maybe Microsoft has to compensate for every bad developer in the world using unsupported or corrupt format cursors?

Re:Anyone's surprised? (4, Insightful)

cheater512 (783349) | more than 7 years ago | (#18605281)

Uh...Ever heard of not playing a corrupt ANI file? There's no need to have exploits there nor is there a reason to break existing functionality.

If you read the hotfix page you'd see this:

The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file.
So yes it is Microsoft's fault that they screwed up.

Re:Anyone's surprised? (2, Insightful)

Anonymous Coward | more than 7 years ago | (#18605479)

Do you think that it is possible that maybe Microsoft has to compensate for every bad developer in the world using unsupported or corrupt format cursors?


It's not only possible. It's mandatory. It's called input validation, and everybody else is doing it. The only reason I can see why Microsoft is an exception is that they have convinced people like you that it's not their fault if *their* software breaks. Get a clue.

Re:Anyone's surprised? (0)

Anonymous Coward | more than 7 years ago | (#18605663)

since any monkey can be a "developer" (or a virus author) without knowing what they're doing with those development environments they put out they should expect to have a lot of bad software as a result of that.

Re:Anyone's surprised? (1)

howlingmadhowie (943150) | more than 7 years ago | (#18606929)

it's like an abbott and costello film...

Re:Anyone's surprised? (4, Funny)

pilgrim23 (716938) | more than 7 years ago | (#18607345)

Cursor's Foiled AGAIN!

This was not patch Tuesday (5, Informative)

Anonymous Coward | more than 7 years ago | (#18604765)

Patch Tuesday is the second Tuesday of each month. This was an out of cycle patch released.

Re:This was not patch Tuesday (1)

Rik Sweeney (471717) | more than 7 years ago | (#18605351)

Patch Tuesday is the second Tuesday of each month. This was an out of cycle patch released.

So what you're saying is that they've got 6 days left to patch the patch?

Re:This was not patch Tuesday (3, Funny)

Opportunist (166417) | more than 7 years ago | (#18605667)

So this was "break Tuesday" then?

Except for down under (2, Funny)

MadMidnightBomber (894759) | more than 7 years ago | (#18606481)

...unless you're in NZ or Australia, when Patch Tuesday is on Wednesday.

Before all the lame bashing.. (4, Insightful)

madsheep (984404) | more than 7 years ago | (#18604935)

I just wanted to make a quick post before I see all the standard lame M$ bashing get out of hand from a ton of idiots that are most likely using Windows while posting.

This is exactly why it takes Microsoft so long to put out patches sometimes. Unlikely all these free and open source packages, Microsoft Windows is actually used by tons of users at home and in the business world. People need their machines to do their daily activities and jobs. This is why so much testing is needed before something can just be shoved out there. This is why you tend to see this sort of thing from patches released out of cycle. It obviously has not and could not have been tested as much (and yes sometimes problems occur with patch Tuesday patches).

You might not see as many issues with *nix based systems. Why? Well, there just are as many users. This might sound like a cliche but it is a fact. Look at when official Redhat patches and other updated packages actually come out. They come out days, weeks, and months later. Sure there is some patch that some random guy hatched together -- the power of open source!! However, if you were to apply that untested P.O.S. across the world in tons of real environments, you'd probably have a shitton of problems.

This does not excuse problems with patches, but at least it came quicker. Remember, M$ has to release stuff that fortune 1000, government, home users, and everyone else can live with. Pushing some patch 30 minutes later for an OSS package that 2000 rag tag home users use.. just isn't the same.

Re:Before all the lame bashing.. (0, Flamebait)

keisar (1084073) | more than 7 years ago | (#18605071)

"Remember, M$ has to release stuff that fortune 1000, government, home users, and everyone else can live with. Pushing some patch 30 minutes later for an OSS package that 2000 rag tag home users use.. just isn't the same."

Yeah, obviously no one in the corporate world or agencies in governments use Linux or a *nix OS. Yeah not a single one. Oh wait...

Re:Before all the lame bashing.. (1)

backbyter (896397) | more than 7 years ago | (#18605087)

>Remember, M$ has to release stuff that fortune 1000, government, home users, and everyone else can live with.

Most large shops do not allow patching via MS update. Most large shops review the patch, send off the ones they are contemplating to apply to the in house testers, then wait until standard installed systems and critical in house application have tested. Then the patches will be applied.

Re:Before all the lame bashing.. (5, Insightful)

camcorder (759720) | more than 7 years ago | (#18605237)

It's not time taking releasing the patch, it's the design decision done by a software company with its flagship product used by millions. You put a useless feature like handling .ani in HTML with your renderer, you also embed this renderer everywhere throughout your "OS", then for sure it would take lots of time to test for problems for such a single fix in .ani file handler. We saw same scenario in past dozens of times.

Having millions of users might be an excuse, but having a bad design can't, if you claim to be developing best software.

I really find it just plain spreading FUD to compare open source software equivalent microsoft software with those metrics. Blah, blah, but it's used by millions, see what happens when open source is used by millions. Just wondering how many in those millions compare design decisions taken during software development of product they use. What's lame is not seeing how broken design of some parts of the software, not bashing due to these flaws.

Re:Before all the lame bashing.. (2, Interesting)

PinkPanther (42194) | more than 7 years ago | (#18605731)

I'm not justifying the .ANI feature, but recognize that IE is far more than a simple "web browser". With features such as HTML Application [wikipedia.org] , IE can be used for developing extremely rich enterprise applications...which is where most of the "bloat" comes in.

Yes, you mightn't need a full development environment inside of your word processor or web browser, but they didn't spend time and energy putting those features in there for nothing. Someone determined that the bloat would make them more money...based on their revenue stream, I'm going to say that they were right.

Re:Before all the lame bashing.. (1)

0123456 (636235) | more than 7 years ago | (#18606337)

"I'm not justifying the .ANI feature, but recognize that IE is far more than a simple "web browser"."

But that's the whole problem.

Re:Before all the lame bashing.. (1)

PinkPanther (42194) | more than 7 years ago | (#18607003)

From your point of view, maybe. But, again, MS put in the features you aren't using because someone wanted to pay for them.

Re:Before all the lame bashing.. (3, Interesting)

afidel (530433) | more than 7 years ago | (#18605895)

Useless feature??!?

Uh, several of our enterprise webapps used animated cursors to let the user know that something is being processed. Maybe to a clueless geek user feedback is a useless feature, but to anyone who knows about UI design it is a requirement. The real sin with this patch is that this bug was already patched TWO years ago, but they merely patched the codepath for the known vulnerability and left it at that, they did not look at the actual cause of the problem and so we have the same vulnerability with a twist come out two years later.

Re:Before all the lame bashing.. (4, Insightful)

phasm42 (588479) | more than 7 years ago | (#18606475)

How about an hourglass? The animation is merely for looks, the animation is not necessary for feedback. It's not like the animation is actually tied to the progress anyways. It's like those sites that use animated GIFs as a "progress bar" -- there is nothing tying progress of the task to progress of the animation.

Re:Before all the lame bashing.. (1)

keisar (1084073) | more than 7 years ago | (#18605297)

>Remember, M$ has to release stuff that fortune 1000, government, home users, and everyone else can live with. Pushing some patch 30 minutes later for an OSS package that 2000 rag tag home users use.. just isn't the same.

Can you please explain to me when a company like Bank of America became a "rag tag home user"?

Re:Before all the lame bashing.. (2, Insightful)

cheater512 (783349) | more than 7 years ago | (#18605397)

Context is important here.

A security exploit in animated cursors and then they stuff up a number of other applications trying to patch the exploit.
This isn't Internet Explorer. It's a simple animated cursor.

And yeah I am using Linux and have been for years. Happy?

Re:Before all the lame bashing.. (1)

Dan_Bercell (826965) | more than 7 years ago | (#18607123)

The vulnerability can be exploited from emails and IE. It's not like you need to turn on a certain animated cursor to get hit.

Re:Before all the lame bashing.. (1)

keisar (1084073) | more than 7 years ago | (#18605407)

http://www.linux-foundation.org/en/Members [linux-foundation.org] Gosh, nothing but a bunch of rag tag users. I tell ya what. Not a single Fortune 1000 company in that list. *rolls eyes*

Re:Before all the lame bashing.. (0, Flamebait)

kosmosik (654958) | more than 7 years ago | (#18605465)

> This is exactly why it takes Microsoft so long to put out patches sometimes.

Yeah like allowing websites to load animated cursors is great idea of bloat. WTF you would even want to do that? When using operating system shell I have my OWN set of cursors and it is totally stupid to even add such feature...

So take it like this (it is quite obvious). Windows is bloated. Bloat means that in every stupid feature that nobody uses can be a bug. Bloat means that patching is hell because it is so bloated that things will break when removing the stupid feature that nobody had used anyway.

What was few last MS critical holes that all spammers and alike were targeting? I guess something related to some obscure *.MHT (FIXME) format that nobody even knows what it does and now another *.ANI format - that yet is even more stupid that it resides in Windows since the day one.

They want a stable, lean system? Rewrite it from scratch and run legacy apps in legacy OS emulation. Like Apple did with OSX.

Now Windows is like big layered cake that have been here for few years. It always gets another layer (think OS version) on top of previous. The previous layers start to rot, then some worms comes out thru the new shiny layer, so you patch the layer with a candy. And so on...

Re:Before all the lame bashing.. (1)

wwahammy (765566) | more than 7 years ago | (#18606305)

I always like when people say anything they don't like is "bloat". Lots of my non-computer geek friends think those animated cursors are neat. I find them moronic but that's my opinion. Quit calling things you don't like "bloat".

Re:Before all the lame bashing.. (0)

Anonymous Coward | more than 7 years ago | (#18606773)

I guess something related to some obscure *.MHT (FIXME) format that nobody even knows what it does


MHT isn't an obscure format, it's RFC 2557. And it's very useful for saving web pages without messing with directories. So useful, Opera and Safari support it by now (Firefox is late as usual).

Re:Before all the lame bashing.. (4, Insightful)

CowTipperGore (1081903) | more than 7 years ago | (#18605501)

However, if you were to apply that untested P.O.S. across the world in tons of real environments, you'd probably have a shitton of problems.
At least we know [techtarget.com] this [netscape.com] doesn't [techspot.com] happen [com.com] with [com.com] Microsoft [microsoft.com] patches [microsoft.com] .

Re:Before all the lame bashing.. (2, Funny)

chavo valdez (206049) | more than 7 years ago | (#18606181)

How long have you been saving that one up?

Re:Before all the lame bashing.. (2, Funny)

CowTipperGore (1081903) | more than 7 years ago | (#18607053)

How long have you been saving that one up?
It took me about 90 seconds with Google...

Re:Before all the lame bashing.. (1)

spellraiser (764337) | more than 7 years ago | (#18605523)

Unlikely [sic] all these free and open source packages, Microsoft Windows is actually used by tons of users at home and in the business world.

Yeah, it's not like MySQL or Apache are used by anyone. Or PHP, Perl, Java, Firefox ...

Time for computers 101 (1)

Dan_Bercell (826965) | more than 7 years ago | (#18607277)

Windows is an operating system, how the hell can you compare those applications / languages to Windows for security issues?

Re:Before all the lame bashing.. (4, Insightful)

lenski (96498) | more than 7 years ago | (#18605549)

Pushing some patch 30 minutes later for an OSS package that 2000 rag tag home users use.. just isn't the same.


2000 ragtag home users? You are smarter than that, I can tell by the quality of your writing and sentence structure alone. While some OSS packages serve small communities, there are lots of packages that serve large and diverse communities. (PostgreSQL, Apache, the Linux kernel, Firefox, the list goes on). Those packages have, on occasion introduced vulnerabilities due to the natural vicissitudes of software development. And when their vulnerabilities are discovered, they get fixed quickly. (And this one hit me this morning: I don't need Linux Genuine Advantage for permission to receive updates to my damn software!!!)

It is worth noting, however, that such vulnerabilities are nearly always limited in scope due to the inherently modular nature of the OSS world. Microsoft built a highly integrated system to support its business model. They are welcome to their high integration approach. And those of us who do not appreciate the effects of that way of doing business are welcome to complain when it whacks the shit out of our families' productivity when we are trying to get some proprietary fix.

I don't need Linux Genuine Advantage... (3, Funny)

symbolset (646467) | more than 7 years ago | (#18606549)

But of course it's available if you do want it [linuxgenui...antage.org] .

Naturally Linux Genuine Advantage is open source, and not to be outdone by Microsoft platform hackers a hack is available to auto-certify LGA without actually contacting the LGA server.

Re:Before all the lame bashing.. (0, Offtopic)

josh_miller (104618) | more than 7 years ago | (#18605641)

You were modded insightful. I would have chosen "Insightful and Trolly".
Your point is a good one, but you needlessly come across as hostile to OSS.

Re:Before all the lame bashing.. (0)

Anonymous Coward | more than 7 years ago | (#18605747)

Since most ./ posters come across as needlessly hostile to MS, it is a troll (i.e. minority viewpoint) post. But that doesn't make it less insightful.

...you will make your own bashing (1)

drinkypoo (153816) | more than 7 years ago | (#18605767)

Pushing some patch 30 minutes later for an OSS package that 2000 rag tag home users use.. just isn't the same.

Perhaps you have not noticed that a majority of fortune 500 companies are using Linux in some capacity.

Rag Tag home users? You don't have a job, do you?

Re:...you will make your own bashing (0)

Anonymous Coward | more than 7 years ago | (#18606175)

You don't have a job, do you?
Hey, Microsoft has paid people in the past to astroturf for them, so I wouldn't be so certain that he doesn't have a job. Do you really think they don't have paid shills sitting on Slashdot?

Re:Before all the lame bashing.. (1)

uvayankee1 (990155) | more than 7 years ago | (#18606097)

This is exactly why it takes Microsoft so long to put out patches sometimes.
The problem here is that MS did have a long time to put out the patch (the vulnerability was reported to them 3 months ago) and yet they did not do anything about it until it was already a zero-day exploit, and then their patch breaks applications. That doesn't look good for any group, open or closed source.

Re:Before all the lame bashing.. (1)

VertigoAce (257771) | more than 7 years ago | (#18607545)

Actually, I imagine the dev team had a patch ready within a short time of it being reported in December. The initial patch probably broke a lot more stuff than the released one does. Microsoft tests patches against a huge number of applications and configurations as part of their regression testing. As long as it's not being exploited, it's better for MS to keep working on compatibility issues. Once the exploit was public, MS pushed it out the door with one remaining compatibility issue and a hotfix for that issue (a hotfix is a patch that hasn't gone through the full regression testing - it may break more than it fixes, so it is only for people experiencing a specific issue; hotfixes get grouped together and go through full testing for each service pack).

Point of Order: (1)

Penguinisto (415985) | more than 7 years ago | (#18606121)

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070209 Fedora/1.5.0.9-3.fc6 Firefox/1.5.0.9 (yeah, yeah - haven't fiddled with an upgrade yet... sue me).

Now - forget the dazzling array of hardware and software to check against. This .ani thingy is a UI issue that should --at worst-- munge the way an app's mouse cursor animation looks, but not munge the app itself, or even think of touching OS stability.

C'mon... we're not talking about patching the TCP/IP stack, or patching against ntldr here... it's a mouse cursor. How piss-poor does an OS design have to be in order to have a tiny subset of a tiny subset the UI... break stuff!?

/P

Re:Point of Order: (1)

phasm42 (588479) | more than 7 years ago | (#18606649)

Although I find the fact that a bad animated mouse cursor can subject me to a remote code execution exploit to be adding insult to injury, this isn't something unique to Windows. Something has to parse the cursor file, and it runs as whatever the current user is, and thus has the privileges of the current user. If Linux's GUI had a shitty implementation of an animated mouse cursor file, it would be subject to the same exploit (but probably with less damage because you're less likely to be running as root).

Re:Point of Order: (2, Informative)

code65536 (302481) | more than 7 years ago | (#18606701)

Well, for starters, changing the mouse cursor is a part of the official W3C CSS specs...
http://www.w3.org/TR/CSS21/ui.html#propdef-cursor [w3.org]

In other words, *something* has to be able to load and process the mouse cursor. And if the thing that loads and processes the mouse cursor falls prey to a buffer overflow, then you've got yourself a vulnerability. Since it's the OS that handles and draws the mouse (so it's not an IE thing; FF will fall prey to this too), it's the OS that handles the mouse cursor, so a buffer overflow there means that it's the OS that gets compromised--the very same thing could happen in any other OS if there was a similar mistake. So they forgot a length check. Shit happens.
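
Added example, not part of the thread and not Microsoft's code: a C parser for the RIFF/ACON (.ani) container that applies the length check this comment refers to, requiring every `anih` header chunk to declare exactly 36 bytes before its fields are read into a fixed-size structure. The function names, error codes and the sample builder are assumptions made for illustration, and the sample files are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ANIH_SIZE 36u /* the 'anih' header is nine 32-bit fields */

enum { ANI_OK = 0, ANI_ERR_NOT_ANI = -1, ANI_ERR_TRUNCATED = -2,
       ANI_ERR_BAD_ANIH_SIZE = -3, ANI_ERR_NO_ANIH = -4 };

struct ani_header {
    uint32_t cb_size, frames, steps, width, height,
             bit_count, planes, disp_rate, flags;
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk every chunk; reject the file if any 'anih' chunk has a size other
   than 36. The first valid header is returned in *out. */
int ani_parse(const uint8_t *buf, size_t len, struct ani_header *out)
{
    int seen = 0;

    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "ACON", 4) != 0)
        return ANI_ERR_NOT_ANI;

    /* The declared RIFF size is attacker-controlled: bound it by the buffer. */
    uint64_t declared_end = 8 + (uint64_t)rd_le32(buf + 4);
    if (declared_end < 12)
        return ANI_ERR_NOT_ANI;
    if (declared_end > len)
        return ANI_ERR_TRUNCATED;

    size_t end = (size_t)declared_end, pos = 12;
    while (end - pos >= 8) {
        const uint8_t *id = buf + pos;
        uint32_t size = rd_le32(buf + pos + 4);
        pos += 8;
        if (size > end - pos)            /* chunk body must fit in the file */
            return ANI_ERR_TRUNCATED;

        if (memcmp(id, "anih", 4) == 0) {
            uint32_t f[9];
            struct ani_header h;
            if (size != ANIH_SIZE)       /* the length check */
                return ANI_ERR_BAD_ANIH_SIZE;
            for (size_t i = 0; i < 9; i++)
                f[i] = rd_le32(buf + pos + 4 * i);
            memcpy(&h, f, sizeof h);     /* sizeof h == sizeof f == 36 */
            if (h.cb_size != ANIH_SIZE)  /* inner size field must agree */
                return ANI_ERR_BAD_ANIH_SIZE;
            if (!seen)
                *out = h;
            seen = 1;
        }
        pos += size;
        if ((size & 1) && pos < end)     /* RIFF chunks are 2-byte aligned */
            pos++;
    }
    return seen ? ANI_OK : ANI_ERR_NO_ANIH;
}

/* Constructed sample: RIFF/ACON with one zero-filled 'anih' chunk whose
   declared size is anih_size (36 is the only valid value). */
size_t ani_build_sample(uint8_t *dst, size_t cap, uint32_t anih_size)
{
    size_t total = 12 + 8 + (size_t)anih_size + (anih_size & 1);
    if (anih_size < 8 || cap < total)
        return 0;
    memset(dst, 0, total);
    memcpy(dst, "RIFF", 4);
    wr_le32(dst + 4, (uint32_t)(total - 8));
    memcpy(dst + 8, "ACON", 4);
    memcpy(dst + 12, "anih", 4);
    wr_le32(dst + 16, anih_size);
    wr_le32(dst + 20, ANIH_SIZE);        /* cbSize */
    wr_le32(dst + 24, 2);                /* frames */
    return total;
}

int main(void)
{
    uint8_t buf[256];
    struct ani_header h;
    size_t n = ani_build_sample(buf, sizeof buf, 36);
    printf("well-formed header: %d\n", ani_parse(buf, n, &h));
    n = ani_build_sample(buf, sizeof buf, 80);
    printf("oversized header:   %d\n", ani_parse(buf, n, &h));
    return 0;
}
```
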

The sad life of a Windows developer (1, Troll)

symbolset (646467) | more than 7 years ago | (#18606393)

Developers, developers, developers

Many of them trying to keep afloat the bastardized zombie of a legacy project begun in DOS and ported to Win 3.1, Win32, Win64, .NET, Sun Java, MSJava, Sun Java again and Vista. None of them with Microsoft's preferred and undocumented internal APIs for any of those systems. Many of them with no clue how to write good code, managed by non-programmers who can't tell. Each of them insisting that each revision has slain their sacred cow. So many of them that any patch no matter how trivial breaks some critical application for some enterprise somewhere.

Working against a system that has to be so locked down a non-admin can't save a shortcut on the desktop, and still isn't secure.

They've built their house upon the sand and act surprised that it falls on them frequently. It's like a physical comedy where the same stupid ladder gag gets the laughs no matter how many times the audience has seen it.

Vista published in 2007 vulnerable to the functional equivalent of Comet Cursor, published in 1995. That's rich humor there, boy.

--- making a mint rolling back Vista "upgrades": priceless.

Re:The sad life of a Windows developer (0)

Anonymous Coward | more than 7 years ago | (#18607539)

> They've built their house upon the sand

They wrote it in C and forgot a length check. Thank god no other operating system is written in C, eh?

Re:Before all the lame bashing.. (1)

kripkenstein (913150) | more than 7 years ago | (#18606619)

You might not see as many issues with *nix based systems. Why? Well, there just are as many users. This might sound like a cliche but it is a fact.
No, that isn't the issue. There are several matters here. One of them: FOSS software has sources available. It is far easier, for certain types of patches at least, to check if there will be problems by checking source code. Even a simple grep can tell you what apps rely on the element you are changing. Furthermore, the patch's source is shown to the app developers, so if a fix is needed, it can be done more quickly. Working with source is simply much more convenient than working with binaries.

It's been 3 months and counting... (1)

Dan_Bercell (826965) | more than 7 years ago | (#18607069)

I am very pro MS, but they have known about this issue for over 3 months now, it has just been 1-2 weeks since people have published the issue publicly, provided proof of concept code and it has been used in malware/virus attacks.
 
So they could have had a patch released months ago and avoided all of this.

Re:Before all the lame bashing.. (1)

slugstone (307678) | more than 7 years ago | (#18607157)

Oh is that so. What is the most used web server? http://news.netcraft.com/archives/web_server_survey.html [netcraft.com]

What is the most used Email server? http://www.credentia.cc/research/surveys/smtp/200304/ [credentia.cc]

It sure is not M$ stuff. I bet Major companies, Governments, and home users use them. They get patched next day when the exploit is discovered. Not when the public finds out about it.

Hmmm

*SIGH* (1)

Arkaic (784460) | more than 7 years ago | (#18607315)

Wtf is this modded as insightful? The poster just shows that he has his head buried in the sand if he truly believes that no major corporations rely on open source every day. What a lame open source basher.

I have Realtek HD Audio Control Panel (0)

Anonymous Coward | more than 7 years ago | (#18604953)

Lucky I didn't install the patch!

This looks like something vendors could fix. (1)

xxxJonBoyxxx (565205) | more than 7 years ago | (#18604977)

From TFKB...

This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file.


This looks like something vendors could fix without a "hotfix" from MS.

Re:This looks like something vendors could fix. (1, Informative)

Anonymous Coward | more than 7 years ago | (#18606041)

There's an important sentence that comes right before the quoted one (emphasis added):

The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses.


Re:This looks like something vendors could fix. (1)

azrider (918631) | more than 7 years ago | (#18607957)

Just out of curiosity:

There's an important sentence that comes right before the quoted one (emphasis added): The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses.
Why is the base address hardcoded instead of being resolved by the system at runtime???

Re:This looks like something vendors could fix. (1)

sqlrob (173498) | more than 7 years ago | (#18607907)

Both are DLLs from MS. Therefore, it is MS' fault.

he (1)

godsfilth (999026) | more than 7 years ago | (#18605085)

seems to be affecting calc.exe and avg on my computer and the patch doesn't seem to fix either but still gotta love that it's affecting Microsoft's own stuff

Re:he (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#18605161)

gotta love that it's affecting Microsoft's own stuff

Microsoft produces Realtek HD Audio Control Panel and CD-Tag?

Re:he (2, Interesting)

cnettel (836611) | more than 7 years ago | (#18605315)

If it does affect calc.exe, it rather seems like you have some DLL injection (keylogger/spyware, or something legit) that then causes this. If they messed up the base address, or just increased the size over a previously valid boundary, all kinds of DLLs with preferred addresses in the same region could start causing interference.

You simply have to be careful with the address space if you are a library that will be dynamically loaded in plenty of images, especially if you are loaded very early on.

(Heh, last summer, I got the genius idea that the base addresses were probably not optimal after all hotfixes and 3rd party software, so I started a gigantic rebase on the complete system32. That's a baaaad idea. I should at least have had enough sense to exclude NTOSKRNL, but I obviously didn't. Repair was fun...)
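
The preferred-base collision described in the comment above, as an added example that is not part of the thread and not Microsoft's code: it reads ImageBase and SizeOfImage from PE headers and reports which module finds its preferred range already taken for a given load order. The header builder, function names and addresses are constructed for the demonstration and are not the real values of either file.

```python
import struct

def build_header(image_base, size_of_image):
    """Constructed minimal PE32 headers (no sections), for this demo only."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)      # ImageBase
    struct.pack_into("<I", opt, 56, size_of_image)   # SizeOfImage
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def preferred_range(pe):
    """Return (start, end) of the address range the image asks to be mapped at."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                              # skip signature + COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                               # PE32: 32-bit ImageBase
        (base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:                             # PE32+: 64-bit ImageBase
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size,) = struct.unpack_from("<I", pe, opt + 56)
    return base, base + size

def displaced(load_order):
    """Names of modules whose preferred range is already taken when they load."""
    mapped, losers = [], []
    for name, pe in load_order:
        start, end = preferred_range(pe)
        if any(start < m_end and m_start < end for m_start, m_end in mapped):
            losers.append(name)                      # cannot get its preferred base
        else:
            mapped.append((start, end))
    return losers

# Constructed values, not the real base addresses of either file.
HELP = ("hhctrl.ocx", build_header(0x10000000, 0x00020000))
USER = ("user32.dll", build_header(0x10010000, 0x00030000))
print(displaced([HELP, USER]))
print(displaced([USER, HELP]))
```

Which module loses depends only on load order, which is why the same pair of files can work in one program and fail in another.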

What about Windows 2003? (0)

davidbrit2 (775091) | more than 7 years ago | (#18605303)

Anybody know if this Realtek problem is an issue on Win 2003? My personal/development/tinkering machine is running 2003, and just so happens to have Realtek audio hardware, with their control panel that's specifically mentioned. The hotfix to remedy the issue refuses to run on 2003. (Side note: I hate that crap. Why the hell shouldn't I be able to install XBox 360 controller drivers on Windows 2003 if I jolly well want to?) I don't want to jump in and install this security patch if it's going to break stuff on my OS...

Realtek HD Audio exists on a lot of PCs... (3, Informative)

tlhIngan (30335) | more than 7 years ago | (#18605639)

A lot of machines have the Realtek HD Audio thing in them to provide audio - notably most of the Core/Core2 based ones (HD Audio is a standard by Intel, Realtek being one of the first to offer it).

Seems like this isn't really an "isolated" problem, but a fairly common one if you own a desktop made in the last year or a recent laptop...

Re:Realtek HD Audio exists on a lot of PCs... (1)

jsupreston (626100) | more than 7 years ago | (#18605961)

I'm running into it right now with brand new HP dc7700 systems here at work. MS knowledgebase was no help, but the first hit I got using Google Groups pointed me back to the MS site and the patch. May look at getting the newer driver someone else posted. I agree that this shouldn't be considered an isolated issue. I've seen a lot of machines make use of Realtek's audio lately. Fortunately for me, I only have 3 of these systems on the network right now. I could see how it could cause a lot of grief in a large shop with a number of these systems. MS should go ahead and roll the hotfix into the patch so that we don't have to go running around trying to find the hotfix or newer drivers.

Re:Realtek HD Audio exists on a lot of PCs... (1)

jupiterssj4 (801031) | more than 7 years ago | (#18606135)

So THAT is why I am getting this illegal exception error since restarting my computer today. I have an Acer Travelmate 8210 and it has the Realtek HD audio. Now, what to do to get it to work again. Grr Microsoft, test things out before you force patches down our throats! I use Firefox and therefore don't have to worry about .ani corrupted files anyway!!!

Re:Realtek HD Audio exists on a lot of PCs... (2, Informative)

code65536 (302481) | more than 7 years ago | (#18606583)

Incorrect. The ANI vulnerability affects Firefox as well.

Re:Realtek HD Audio exists on a lot of PCs... (2, Insightful)

poot_rootbeer (188613) | more than 7 years ago | (#18607757)


Windows comes with a perfectly usable GUI interface to volume controls and other audio hardware settings. Why did Realtek have to create a crapware application to do the same thing?

I had the Realtek issue..... (2, Interesting)

8127972 (73495) | more than 7 years ago | (#18605715)

... and all I had to do to solve it was go to Realtek's site [realtek.com.tw] and download the latest version of their driver. Problem solved (knock on wood).

So.. If the fix is that simple, is this issue really an issue or is this issue blown out of proportion?

Re:I had the Realtek issue..... (0)

Anonymous Coward | more than 7 years ago | (#18606299)

I had this problem occur as well, and I also was able to solve it with a simple re-installation of the latest driver package from Realtek.

Re:I had the Realtek issue..... (1)

Spad (470073) | more than 7 years ago | (#18607593)

You can install the latest version of their driver, I can install the latest version of their driver, but most users do not even know what a driver is, let alone that downloading and installing the latest version of it will resolve the fact that their copy of [application] is now crashing randomly referencing some .ocx file.

Re:I had the Realtek issue..... (1)

lostboy2 (194153) | more than 7 years ago | (#18607883)

all I had to do to solve it was go to Realtek's site and download the latest version of their driver
It occurs to me that updating the Realtek driver might not solve the root problem. The Microsoft KB article [microsoft.com] states that

The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file.
Updating the Realtek driver probably fixes the Realtek HD Audio Control Panel so that it doesn't load Hhctrl.ocx before User32.dll, but other programs/drivers that you install later might.

So, you might run into a similar problem until/unless you install the hotfix (a link is included in the Microsoft KB article) which, presumably, fixes Hhctrl.ocx so that its base address does not conflict with User32.dll. The KB article doesn't explicitly say what the hotfix does, though, so I could be totally wrong about that.

Is it just me... (0, Troll)

Cheezymadman (1083175) | more than 7 years ago | (#18606169)

Or does it seem like no matter what MS does, they have people on their back? Ok, so there's a major flaw in animated cursors. They fixed it. IN ONE DAY. Now, there's a problem with the fix. Ok? Anyone here doubt that they'll have a hotfix in under two days for this too? Aside from the fact that Windows is the only OS that lets me do whatever I want on my computer (natively, for that matter), they're the only company that actually gets things done quickly. When something's broke, you fix it. You don't say "well, it's not that bad, let's just hope the users don't notice it." I'm just tired of hearing everyone bash Windows, when I still haven't found a better OS for my needs. Fanboys: Stop telling me to get Linux. Stop telling me to get OSX. Go back to your gameless computers and leave me the hell alone.

Re:Is it just me... (1)

gkearney (162433) | more than 7 years ago | (#18606349)

It's the price they pay for being a monopoly.

Re:Is it just me... (1)

Cheezymadman (1083175) | more than 7 years ago | (#18606445)

It's the price they pay for being a monopoly.
From Wikipedia [wikipedia.org] : "In economics, a monopoly (from the Latin word monopolium - Greek language monos, one + polein, to sell) is defined as a persistent market situation where there is only one provider of a product or service"

I guess Apple Computers, Inc. doesn't count as a provider of a product or service.

Re:Is it just me... (1)

Krakhan (784021) | more than 7 years ago | (#18606719)

That's some nice cherry picking you're doing. If you read a little bit more of the article, you would also find:

Monopolies are characterized by a lack of economic competition for the good or service that they provide and a lack of viable substitute goods.

So yes, companies like Apple and Sun provide alternatives, but that doesn't imply Microsoft is thus not a monopoly, since they have little market share for desktop computing. Having no other competitors is a sufficient, but not a necessary condition.

Re:Is it just me... (1)

PermanentMarker (916408) | more than 7 years ago | (#18606387)

You're right on all of it.

At first I also didn't understand the fuss about this hotfix.
Until it came to my mind that on websites people often have customized cursors.
So that's probably why it is more serious than most of us think.
Most will think, well, I don't use these custom cursors, but in fact they can do on these websites.

It is great how fast MS responds on this.

Re:Is it just me... (1)

ddocjohn (1019028) | more than 7 years ago | (#18606427)

Funny, I was under the impression they've known about this since December.

Re:Is it just me... (1)

cyrtainne (1078481) | more than 7 years ago | (#18607979)

NO, they did NOT fix it in one day. First, they said the problem didn't even exist, now it's "isolated". Then about a week or two later (yesterday) they fixed the problem with a faulty patch. Then they had to fix that problem. Microsoft wants to be on top of the operating system market and as long as customers are shelling out $200 or $300 bucks for one, it had better damn well perform to expectations. If it does not, and customers are dissatisfied, they will simply choose between Mac and Linux. This is simply economics 101.

To Quote the movie "Brazil" (2, Funny)

Herkum01 (592704) | more than 7 years ago | (#18606201)

"There's been a little complication with my complication"

.ANI problem is what? (1)

Porchroof (726270) | more than 7 years ago | (#18606421)

I've read a number of news articles regarding the .ani problem, but none of them has described what the damned problem is. Do any of you know?

Re:.ANI problem is what? (1)

cciRRus (889392) | more than 7 years ago | (#18606539)

Basically, IE/Outlook users can get owned by visiting sites fitting with the ANI exploit, which is reported to be in the wild. Read more here [securityfocus.com] .

gn44 (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18606499)

according tothis fucking market Problem; a fe3 Are just way over

big program breaking (2, Interesting)

Anonymous Coward | more than 7 years ago | (#18607265)

I'm a developer for a software package that lots of automotive engineers use to do bus analysis. The patch broke our software, and we've gotten calls from lots of people at our smaller companies wondering what was going on. The bigger (think Big 3) customers have huge turn around times on Windows Update patches, but as of now we have lots of angry people wondering why our software won't work. Nothing like MS giving us bad rep for essentially us doing nothing.