Free Republic

A simple HTML tag will crash 64-bit Windows 7
The Register | John Leyden

Posted on 12/21/2011 10:18:07 AM PST by ShadowAce

An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash.

The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.

Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in Apple's Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.

The offending script is just an IFRAME tag with an overly large height attribute. Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine. Microsoft is now investigating the vulnerability, which was first reported by Twitter user w3bd3vil, although the software giant is racing against hackers tracing the code execution path to discover the underlying vulnerability in Windows 7.

A video of the Safari-triggered crash along with the HTML PoC can be seen here. Other exploit scenarios might also be possible. ®


TOPICS: Computers/Internet
KEYWORDS: collapse; computersecurity; default; depression; economy; hackers; html; vulnerability; windows
To: discostu
7 is basically Vista with less bugs, so anything that crashes 7 is probably gonna spike Vista too.

That is pretty much what I figured out at the time I removed the browser and the problem ceased to exist. So I stay away from Safari.
41 posted on 12/21/2011 2:05:29 PM PST by OneVike (Just a Christian waiting to go home)

To: discostu
There’s 2 great reasons not to get Macs: 1 - you can buy 2 solid PCs for the price of a Mac 2 - all the software is written for Windows. Yeah sure Mac can pretend to be Windows, but good luck getting support if there’s a problem, the companies support Windows, not pretending to be Windows.

Yeah Windows has problems. Whatever. It’s fast, it’s smooth, it’s actually pretty stable (I haven’t seen a blue screen in years), it’s cheap (if you’re at all connected to the industry it’s free legally), and there’s tons of software available. Sure you don’t get to be snooty about your OS, but only a pathetic loser takes pride in the OS on their computer anyway, and you wants to be one of them. Take the money you save buying a PC and go to the liquor store and learn to be snooty about something cool like scotch.

You can buy two or three Fiats or Yugos
for the price of a Ford or Chevy.

For less than a bottle of Lagavulin,
you can port your entire windows machine
into VMware Fusion window.
One can cut and paste across machines.
Share file systems between machines.
Share I/O devices across machines.

One can sandbox your Windows
machine from the Internet.

OBTW you will find out what the
technical term:
Benutzerfreundlichkeit means.

The ROI is far better on a Mac than a PC any PC.

Networking is absolutely seamless with OS X.

But you are an IT consultant, do what you please.


42 posted on 12/21/2011 6:12:09 PM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)

To: Uri’el-2012
"One of the fundamental rules of an operating system is that it can not be taken down by any application ! Any robust op/sys should be able to shed a rogue application program."

I'll never be a developer but I've done some loading Windows to new boxes and old for many years, my gig is lab admin. I like the way your big old brain works. Nobody outside the compound should be able to walk in and torch the fort. That is not an accident from the intruder, that is a flaw in the OS. I prefer Windows because of my time with it, but I still get POd from time to time. Apple gives me the redass too, every time I use it.

Stay safe FReeper.

43 posted on 12/21/2011 6:23:04 PM PST by West Texas Chuck (Alcohol, Tobacco and Firearms. That should be a convenience store, not a Government Agency.)

To: BuckeyeTexan
Yeah, that patch is called Linux.

OOOOOh! You so funneee! :P Thanks for the tip....
44 posted on 12/21/2011 7:06:35 PM PST by gimme1ibertee ("Criticism......brings attention to an unhealthy state of things"-Winston Churchill)

To: RJS1950
Until something comes out, don’t use Safari.

Thanks. I don't intend to use Safari or anything else.
I use Firefox religiously and always have, and I also have Avast! installed.
I keep them both updated. I've never had a problem with these two. (If it ain't broke, don't fix it.)
I just wondered if there was anything else I might need to do to ensure my laptop doesn't vapor-lock on me one day because of some security flaw.
45 posted on 12/21/2011 7:11:41 PM PST by gimme1ibertee ("Criticism......brings attention to an unhealthy state of things"-Winston Churchill)

To: Uri’el-2012
Very good points all.

Only thing that bothers me on FreeRepublic computer tech threads is the ignorance of posters about the purpose and proper function of an Operating System. The early CP/M MS-PC/DOS then Win9x and finally the WinNT family of “operating systems” have conditioned many PC users to system crashes. These crashes may have been due to direct hardware access in the early DOS days, to poorly written drivers which operated in kernel space/Ring 0 or poorly validated system calls. Microsoft is trying to clean up the kernel space/user space mess from past Win32 APIs...

As you stated, an application should never be able to crash a properly designed privileged operating system. While Intel does a good job with maintaining the x86 and forwarding the current and future x64 spec, as long as the Ring transition costs remain as is, Microsoft will always be tempted to let too much code run (or call) Ring 0...

Seems one can never convince the technically ignorant because their computer company allegiances prevail over reason. This Win32 HTML kernel bug being a prime example.


dvwjr

46 posted on 12/21/2011 7:25:27 PM PST by dvwjr

To: dayglored

You are correct, an application should never be able to crash an OS. This has to be taken care of at the OS level ultimately.


47 posted on 12/21/2011 11:03:34 PM PST by ColdSteelTalon (Light is fading to shadow, and casting its shroud over all we have known...)

To: Electric Graffiti
> Are you saying Apple’s Safari is a malicious piece of software? I agree with you....When you down load an executable, you either give it permission to run on your system or you don’t. The OS cannot protect itself from user inflicted dumbsh!tness ..... you ignorant puffed up smidgeon of blowfish sh!t

First, you are rude beyond tolerance, and out of line with the rules of this site. So here's your chance to apologize for your outrageous and unprovoked ad hominem attack.

Second, you are factually incorrect -- operating systems protect themselves all the time from userland application errors like the one in Safari under discussion here. The fact that you apparently don't know that is astonishing -- your arrogance combined with your inaccuracy makes you sound like a ranting fool. Regardless of how you sound, your statement is utterly false, would you like to retract it?

Third, you being the one who is incorrect, are out of line calling me ignorant. Unlike you, I know what I'm talking about.

So here's your chance to redeem yourself, your big opportunity to take your rude and inaccurate comments back.

BTW, I wasn't actually calling Safari "malicious" per se, although my experience with it on Windows has been terrible. I find it to be unstable and uncooperative at best. I refuse to put it on my Windows computers, and I do not allow it on the Windows computers used by the international software company for whom I am Director of System Administration. Safari for Windows will not cross our doorstep on my watch. Nevertheless, it's not "malicious", strictly speaking; it's just awful -- but that's enough.

Cheers.

48 posted on 12/21/2011 11:42:56 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: for-q-clinton
> While this is most likely a Microsoft issue, it is possible that Safari installed itself in such a way to access Ring 0.

While I suppose you could argue that it's theoretically possible that's what happened here, the fact is, it's not what happened here. Microsoft is scrambling to fix their vulnerability, instead of pointing a finger back at Apple, so we know for sure it's a Microsoft issue. Otherwise, MS would have a field day with Apple's application error.

I can't say with authority that Windows Safari stays out of Ring 0 -- it might throw some driver in the kernel, I don't know offhand. But an IFRAME tag causing a large memory request is not a Ring 0 kernel kind of a problem. No application memory allocation request should ever cause a bluescreen. And Microsoft will find it and fix it, they're bright folks.

Nice try, no dice.

49 posted on 12/22/2011 12:00:32 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: Uri’el-2012

Very well stated, and agreed, all of it.


50 posted on 12/22/2011 12:08:35 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: for-q-clinton
> Actually now that I watched the video and did a quick review of the blue screen it does look like a bug in win32k.sys. It just took some of Apple’s shoddy code to expose some of Microsoft’s shoddy code.

I agree -- you said it well.

51 posted on 12/22/2011 12:10:56 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)

To: ShadowAce; Quix

Thanks for this info. Helpful to me.


52 posted on 12/22/2011 5:43:50 AM PST by Joya (http://www.angelsonassignment.org/why_aoa.html)

To: Uri’el-2012

You led off with a really bad example there, given that Fiats are generally more reliable and comfortable than Fords and Chevys. Cheaper and better. Kind of proved my point actually.

I mentioned the whole pretending to be Windows thing. But as I said, good luck getting support. You call up your software guys with a problem, they ask what your system is, you say VMware, they say “we never tested that”, and now you’re basically on your own.

Windows is plenty user friendly. I know all the Mac weenies insist it isn’t, but the user base proves them wrong.

Networking is absolutely seamless in Windows. Plug in the network and go. Hardly ever have to install drivers, and even then, install the drivers, plug in and go. The only time it’s ever rough is if the domain itself has been setup funky, and that’s the admin’s fault.

Not an IT consultant. QA engineer, 16 years. I’ve worked professionally with every version of Windows since 3.11, and dealt with plenty of not-Windows. Most of the not-Windows OSes are overrated. I remember System 7, that was the day I realized Mac-weenies are full of it. Horrible OS, my wife could crash it because she typed too fast, menus were in persistent (talk about not user friendly), and the print buffer on the big Apple printers (don’t try using something else) was like half a page AND the print progress dialog was system modal. They’ve come a long way since then, OSX is pretty nice, but it’s not nice enough for the price.


53 posted on 12/22/2011 6:01:48 AM PST by discostu (How Will I Laugh Tomorrow When I Can't Even Smile Today)

To: discostu
You led off with a really bad example there, given that Fiats are generally more reliable and comfortable than Fords and Chevys. Cheaper and better. Kind of proved my point actually.

I mentioned the whole pretending to be Windows thing. But as I said, good luck getting support. You call up your software guys with a problem, they ask what your system is, you say VMware, they say “we never tested that”, and now you’re basically on your own.

Windows is plenty user friendly. I know all the Mac weenies insist it isn’t, but the user base proves them wrong. Networking is absolutely seamless in Windows. Plug in the network and go. Hardly ever have to install drivers, and even then, install the drivers, plug in and go. The only time it’s ever rough is if the domain itself has been setup funky, and that’s the admin’s fault.

Not an IT consultant. QA engineer, 16 years. I’ve worked professionally with every version of Windows since 3.11, and dealt with plenty of not-Windows. Most of the not-Windows OSes are overrated. I remember System 7, that was the day I realized Mac-weenies are full of it. Horrible OS, my wife could crash it because she typed too fast, menus were in persistent (talk about not user friendly), and the print buffer on the big Apple printers (don’t try using something else) was like half a page AND the print progress dialog was system modal. They’ve come a long way since then, OSX is pretty nice, but it’s not nice enough for the price.

Fiats are more reliable and comfortable than Ford or Chevy ! roflmao !

In my forty-five years of experience with Virtual Machines
all op/sys and applications run better in a virtual environment
than on hardware.

Windows is pretty user-friendly and the network is seamless?
Compared to a real operating system ?

You stated that you don't know any op/sys except Windows.

Mac OS system 7; that was ten to twenty years ago. ROFLMAO !
OS X(Unix) has been around for over ten years

Working on Windows is guaranteed job security as it is crap code.


54 posted on 12/22/2011 10:32:16 AM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)

To: Uri’el-2012

I spent 10 minutes test driving a Ford and needed 6 advil to get my back in shape again. There are medieval torture devices more comfortable. As for Chevy, there’s a reason they needed a bailout, they have made a vehicle that wasn’t a giant POS for 30 years. Fiats are bad cars but Ford and Chevy are pathetic horrible cars.

For VMs it all depends on how tightly tied the software is to the hardware layer. The more the software wants to talk to the hardware the worse it’ll run on VM. The problem with Windows apps on VM is Windows really likes to talk to the hardware. Things get twitchy. And of course there’s the overhead problem. If you’re going to run exclusively Windows app (like 90% of the users out there) there’s simply no reason to suck up the overhead of running Mac OS AND the VM layer AND Windows when you can just run Windows. Not to mention the cost, why buy 2 OSes and a virtualization layer when you can just buy 1 OS. The whole setup is needlessly complicated, fine for nerds, stupid and pointless for anybody else.

Windows IS user friendly and the networking IS seamless. Are there other OSes that maybe do it better? Yes. Well not really the network. Since they defaulted to TCP/IP and DHCP (NT4) Windows networking is plug and go, you can’t get more seamless than that, pretty much all the OSes tie on that one. As for user friendly yeah others might do it better, though really at this point it’s all a matter of what you’re used to. Anybody that’s used Windows more than a month knows it well enough to do anything they need to. Yeah maybe they would have learned OSX in 22 days, immaterial at this point.

I never stated I didn’t know any OS other than Windows. Actually exactly the opposite. Try to actually read what was actually written instead of just slapping it on your clipboard. I’ve dealt with many many OSes, Mac, ‘Nix, VMS, DOS, the old Basic environment stuff that used to run Apples and Commies and Trash80s. I’ve spent the most time with Windows because that’s where I get paid to live, and frankly it’s an easy OS, but give me 10 minutes to poke around and I can handle any thing out there so long as it’s English.

System 7 was 15 years ago. And the Mac weenies said the same things about it then they say about OSX now. It was a bunch of lies then, 7 sucked. Now it’s vaguely true, OSX is pretty solid. Not solid enough for the cost though.

Working on software is guaranteed work. Most folks’ code is crap.


55 posted on 12/22/2011 11:03:52 AM PST by discostu (How Will I Laugh Tomorrow When I Can't Even Smile Today)

To: dayglored; Electric Graffiti

Agree with all your rebuttal points dayglored - would only add that you missed that people who call other people “you ignorant puffed up smidgeon of blowfish sh!t” are pretty much on a par with those who call others “poopy pants” or “doodoo head”.

If you’re going to ad hominem someone at least do it at an age appropriate level - rise above the 5th grade level.


56 posted on 12/22/2011 4:08:48 PM PST by 2 Kool 2 Be 4-Gotten