Defense in depth -- the Microsoft way (part 12): NOOP security fixes
From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Sat, 19 Oct 2013 18:35:05 +0200
Microsoft addressed CVE-2012-0181 for Windows NT 5.x; see
<https://support.microsoft.com/kb/2686509> for details.
BUT: the hotfix KB2686509 does NOT fix anything!
Instead it just checks ONCE(!) whether all the "keyboard layout DLLs"
are either registered with their fully-qualified pathname or exist in
This STATIC, ONE TIME check does NOT cure the problem, it only checks
for the symptom!
If Microsoft would REALLY care about security, the hotfix KB2686509 (or
better: Windows setup) would (re)write all references to filenames with
their fully-qualified pathname, i.e. as
2004-08-23 informed vendor about still unfixed principal security
flaws due to unqualified filenames and Windows' EXE/DLL
search/load order after release of SP2 for Windows XP
JFTR: Microsoft started their "trustworthy computing" initiative in
2001, and XP SP2 was supposed to eliminate many of the errors
Microsoft made in previous versions of NT.
2004-08-25 vendor replies "no vulnerabilities", but forwards report
to product groups/teams
2004-09-02 vendor still won't see vulnerabilities, asks for POC(s)
2008-05-30 vendor publishes
2009-04-15 vendor publishes <http://support.microsoft.com/kb/959426>
2010-08-23 vendor publishes
and updates it over and over again since then
2012-05-08 vendor publishes <http://support.microsoft.com/kb/2686509>
PS: if Microsoft weren't such sloppy coders and had a QA department this
whole class of vulnerabilities would not exist: the path to EVERY
executable in Windows is well-known, all references can use the
fully-qualified, absolute pathname.
<http://home.arcor.de/skanthak/download/XP_FIXIT.INF> fixes all the
2500+ unqualified (plus not properly quoted long) filenames left in
the registry of Windows XP SP3 AFTER fixing the other 2000+ unqualified
(plus not properly quoted long) filenames in the \i386\HIVE*.INF and
\i386\DMREG.INF (from which the initial registry is built) on the
<http://home.arcor.de/skanthak/download/W7_ERROR.INF> documents the
4500+ unqualified filenames in the registry of Windows 7 Professional
with SP1, and <http://home.arcor.de/skanthak/download/W7_ISSUE.INF>
documents some other issues.
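An audit for the two defects named in the post (unqualified filenames and unquoted long filenames in registry string values), as an added example that is not part of the original post or its INF files. The sample values are constructed; the extension list and the choice to accept a path rooted at an environment variable such as `%SystemRoot%\` as fully qualified are assumptions of this example.

```python
import re

# Extensions treated as executable references (assumption of this example).
EXEC_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr|sys|ocx))(?=[\s,]|$)", re.I)
# Fully qualified: drive-rooted, UNC, or rooted at an environment variable
# such as %SystemRoot%\ (accepting the latter is an assumption).
QUALIFIED_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%[^%\\]+%\\)")


def audit_value(value):
    """Return the problems found in one registry string value."""
    text = value.strip()
    if not text:
        return []
    quoted = text.startswith('"')
    if quoted:
        # Quoted reference: the path is everything up to the closing quote.
        path = text[1:].split('"', 1)[0]
    else:
        # Unquoted: take the text up to the first executable extension,
        # which is what the author of the value meant to reference.
        m = EXEC_RE.match(text)
        path = m.group(1) if m else text.split(None, 1)[0]
    problems = []
    if not QUALIFIED_RE.match(path):
        problems.append("unqualified")            # resolved via search order
    if not quoted and " " in path:
        problems.append("unquoted-long-filename")  # ambiguous at each space
    return problems


def audit(entries):
    """Map entry name -> problems, keeping only entries that have any."""
    found = {name: audit_value(value) for name, value in entries.items()}
    return {name: p for name, p in found.items() if p}


# Constructed sample values; names and the vendor path are hypothetical.
SAMPLE = {
    "layout-a": "KBDUS.DLL",
    "layout-b": r"%SystemRoot%\System32\KBDGR.DLL",
    "handler": "rundll32.exe shell32.dll,Control_RunDLL",
    "service-a": r"C:\Program Files\Vendor\agent.exe /start",
    "service-b": r'"C:\Program Files\Vendor\agent.exe" /start',
}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name, problems)
```

Unlike a one-time check, a scan like this can be rerun after every software installation, since any installer can write a new unqualified reference.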