Windows Server Forum / Windows NT / Setup / February 2005

Problem caused by Security Hotfix MS05-002

Calvin - 08 Feb 2005 06:23 GMT
Hi all,

I have just stumbled across a problem on a NT4 machine here. It appears that the
application of hotfix "MS05-002: Vulnerability in cursor and icon format
handling could allow remote code execution" (KB891711) BREAKS OpenGL on the machine.

I had been wondering why screensavers had been behaving in an erratic manner for
the last couple of weeks, and this was my first opportunity to investigate in
detail.

My suspicion is that the MS05-002 patch replacement of GDI32.dll is to blame,
since the OpenGL system relies on calls into this core module.

Would somebody else please try on their patched system and see if my fears are
founded - the easiest method is to attempt to 'Test' one of the OpenGL screen
savers from the Desktop Properties > ScreenSavers Tab.

BTW - the NT4 Reference site has been updated and expanded considerably over the
last month. If you haven't taken a look recently, please do so !
http://nt4ref.zcm.com.au

As always, constructive suggestions, additions, criticisms etc... are welcome.

Calvin.
Polikarp - 12 Feb 2005 18:29 GMT
> Hi all,
>
> I have just stumbled across a problem on a NT4 machine here. It appears  
> that the application of hotfix "MS05-002: Vulnerability in cursor and  
> icon format handling could allow remote code execution" (KB891711)  
> BREAKS OpenGL on the machine.

Hi Calvin,

You're right regarding broken OpenGL. I tested it on 3D Molecules Viewer  
and it complained about "SetPixelFormat failed" and quit with "OpenGL  
init_failed" afterwards. But this "feature" of MS Security fixes seems to  
come prior to KB8991711. I have replaced all "fixed" files with  
pre-KB8991711 version to no avail. While I stepwise replaced security  
fixes containing gdi32.dll et. comp., earliest working version appeared  
prior to KB840987, back in October of 2004. This fix deals with "Remote  
Code Execution" through various images - among other things.

So I'm "happy" now with new option MS has given us - either Security or  
OpenGL. Thanks MS!

Polikarp
Calvin - 12 Feb 2005 23:34 GMT
Hi Polikarp,

Thanks for your feedback - and your experiments. I took a wild guess and blamed
MS02-005 since it was the most recent hotfix that replaced GDI32.dll, but in
light of what you have said, I am obviously gonna have to look more closely at
this, so we can find out who the real culprit is.

At this stage however, such research is merely academic and in the interests of
accuracy and completeness. As you said, we have ZERO chance of getting Microsoft
to fix this now, so a nice parting shot from them: "Security or a working OpenGL
system, take your choice" :-(   I know what I would like to call them (it's a
word that casts aspersions on their parentage, but that would just be rude !)

Calvin.
Dave Patrick - 16 Feb 2005 15:14 GMT
Support:
Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for
support calls that are associated with security updates.

http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| Hi all,
|
[quoted text clipped - 20 lines]
|
| Calvin.
Calvin - 16 Feb 2005 22:47 GMT
Hi Dave,

Unfortunately, I'm half a world away in Australia, and Microsoft Australia don't
want to know about it - all you get is the standard "Windows NT4 is no longer
supported - upgrade" mantra - something I could well do without hearing frankly !

Update:

After running the patches on a few more machines, the pattern as to what brings
about the problems with OpenGL has actually become LESS clear - I'm now not
certain it is MS05-002 that is to blame - and the symptoms only seem to appear
on SOME systems. I'm reaching the conclusion that it is actually an interaction
between a recent hotfix (not sure which one though), NT 4 and the Video card
drivers.  FURTHER INFO from ANYONE on this topic appreciated greatly !!

For most people this whole problem is really a bit of a 'storm in a teacup',
because OpenGL to a great degree is basically a dead standard anyway. The only
OpenGL my systems deal with is a few screen savers, which have been removed to
prevent their future use. Elsewise the system operates normally and all other
video features appear to function correctly.

Calvin.
io - 18 Feb 2005 00:13 GMT
Hello Calvin,

I'm new to NT (~didn't care for XP at all). Thank You so much for your NT reference pages (you will see how important they are)!

I seem to have OpenGL working on an nVidia GeForce2 Go w/ the latest universal drivers from nVidia (-- thank you nVidia!).

The following MS updates and patches have been installed (note: this is a new install & is yet a work in progress):

NT 4.00.1381
SP6a

IE 6.0 SP1 Q833889; Q823353; Q889293
MS Data Access Components KB870669
MS VGX Q833989
Outlook Express Q823353
Win KB823559
Win KB840315
NT 4.0 Hotfixes:
   Q299444 (SRP)
   Q304158
   Q312895
   Q313829
   Q318138
   Q320206
   Q323172
   Q326830
   Q810833
   Q815021
   Q817606
   Q819696
NT 4.0 Workstation Hotfixes:
   KB825119
   KB828035
   KB828741
   KB835732
   KB839645
   KB841872

This list was taken from ADD/Remove programs list & about dialogues. The installation of the patches & updates was done through the Windows Update site (~ I now believe doing it this way may have been a mistake ~~). I suppose there could be other patches or updates (uninstallable) that are not listed here.

The patching/updating was all done within the last couple of days. With the exception of the two patches mentioned below (KB867801 & KB841873), this list represents essentially (afaik), if not completely, what was offered at Windows Update to patch a Windows NT 4.0 SP6a Workstation w/IE 6.0 SP1 installed. (As yet, there are no 3rd party apps other than a firewall & virus protection installed on the machine.)

Perhaps this information is of some use to you? I hope it is. So far, at least with the updates mentioned, the OpenGL on this machine works.

Perhaps too, my list is incomplete? After I get the Sysinternals tool you recommended, I most likely could make a better list, if you wish.

///////////////////////////// >additional comments:

One item installed by Windows Update I uninstalled: Security update 889293 (because, on reading its description, it appeared to apply to NT 4.0 SERVER). Then, on reading a bit more & reconsidering, I re-installed it. Perhaps I missed where it indicates NT 4.0 Workstation, or, perhaps, the distinction is not relevant here? On the whole, all of this is confusing/confused to say the least. Same is true for the MS05-002 patch (-- it did not appear to apply to NT 4.0 Workstation) -- so do I apply it or not?

Two patches that were on the list of downloads at Windows Update would not install:
   KB867801 (cumu. update for IE6 SP1 -- giving the error that ~ "IE 6 SP1 must be installed ... etc." -- It _is_ installed!?)
   KB841873 (errors with: ~"NT4.0 SP6a must be installed...etc." -- It _is_ installed!?).

I have, as yet, not found the patch, 307866 (srp repair tool --- the link in the MS article references a general index page), but haven't made a thorough search yet.

Softex drivers associated w/3Com mini PCI combo Modem/NIC give error on startup (as expected), but I don't need or know too much about the Network -- modem part of this combo appears to work fine. I suppose I'll be able to fix this when I understand it a little better?

As queried in another newsgroup, I have some sort of error in the setup: the general dialogue of system properties reports an incorrect value for the version of IE 6 SP1: instead of "IE 6.0.2800.1106", it reads, "IE 5 6.0.2800.1106". I don't know whether/how significant this error is or how it might be fixed. (I guess I did something bad to create this ....)

Otherwise, this setup is working great (so far), without any indication of instability.

io

> Hi Dave,
>
[quoted text clipped - 18 lines]
>
> Calvin.
Calvin - 18 Feb 2005 09:36 GMT
Hi Io,

Thanks for your response. As I said in my last post, the situation regarding
hotfixes and broken OpenGL is now about 'as clear as mud' :-(

SOME machines have all the hotfixes applied, and OpenGL is still working
properly, some it is not - the only difference between them APPEARS to be the
video card drivers - but I'm not yet prepared to 'stick my neck out' and
categorically state that the video card drivers ARE a factor in this failure.

As to hotfixes and updating a NT 4.0 workstation machine, the hotfixes released
post 30 June 2004 WILL say they are ONLY for NT Server, merely because Microsoft
made the commercial decision to discontinue NT4 Workstation support on June 30 -
so as far as they are concerned it is dead - this type of behavior I consider
reprehensible !

Your list of hotfixes applied looks about right - my
http://nt4ref.zcm.com.au/patch.htm page won't mention the hotfixes relating to
things like Outlook Express (or LookOut Express as a friend of mine likes to
call it - for good reasons !) and Internet Exploder since these are not part of
a base NT4 install and therefore outside the parameters of the list.

I actually don't use, or recommend using, either of these products - they are
far too 'system invasive' and open the machine up to far too many security
risks. (I actually use Mozilla for my Browsing, Mail and News needs)

As I suggested on my page, use 'PSInfo -h' from the PS Tools suite from System
Internals for a far more thorough and complete status display of hotfixes and
SRPs and SPs.

I noted in a local 'trade magazine' I was reading here today in Australia that
Microsoft is about to:

1. Shut down the FTP service completely. (Around March some time)
2. Lock down Windows Update so that it is only accessible to Win 2k and XP users
who 'register' by providing their license key.  (A May timeframe is cited)

I have been busy making sure I have archival copies of everything I need for
the continued health and well-being of NT4, since it looks like time is fast
running out !

Calvin.
Polikarp - 18 Feb 2005 18:22 GMT
Hi Calvin,

I have identified a culprit (just for completeness - I don't want to  
stretch this issue). It is Win32k.sys file/driver. Last Good One (with the  
size and date stamp) was

Win32k.sys   1.255.152    07.01.04

Bad boys (size/date):

1.255.472  03.08.04 (KB8991711)
1.255.568  25.12.04

It also occurred to me that, considering a role of this file, some  
video-driver initiation failed. I have an ATI Radeon 7500 card with the  
latest drivers ATI was willing to provide (almost 3 years ago,  
v.4.3.4035). As Io mentioned previously, he has Nvidia card and no  
problems - so maybe ATI will help ? If only they could remember an OS with  
such a name.

It is sad to hear OpenGL is dead, because it was alternative to DirectX  
(NT and DX ... ouch !).

Polikarp
Calvin - 19 Feb 2005 00:16 GMT
Hi Polikarp,

Thank you very much for the information !  I hadn't considered replacement of
Win32k as being the cause of this, but when you pointed it out, it suddenly
becomes really obvious !!!  - me bad for not considering this previously :-(

That still leaves us in the unenviable position of 'time for a choice':  a
secure system and broken OpenGL, or working OpenGL and a potential security hole !!!

THANKS HEAPS MICROSOFT !   I've predicted that they would find some way to try
to convince everyone to upgrade away from NT 4.0 - looks like my prophecy is now
coming to fruition :-(

I suppose we now need to look at precisely what a regression of Win32k to a
'non-broken' version will do, as far as compatibility and stability of a system
and potential security risks are concerned.

Calvin.
Polikarp - 19 Feb 2005 09:00 GMT
Hi, Calvin

> I suppose we now need to look at precisely what a regression of Win32k  
> to a 'non-broken' version will do, as far as compatibility and stability  
> of a system and potential security risks are concerned.

I have done exactly that a few days ago and everything works as usual. No  
problems with video/graphics related applications nor with any "everyday"  
programs. I can live with that.

Sure, few security holes related to offending file could still be opened -  
but there are much more still to come, never to be plugged. C'est la vie  
... with MS.

Polikarp
io - 19 Feb 2005 02:58 GMT
Hi Polikarp,

I see that my Win32k.sys is still the "good one", as I have not yet installed KB8991711. So perhaps, not such a good test case.

You made a good observation, and I'll consider carefully before installing more updates.

Security ? ... well, yes, it's important & I'll do my best, & I wish Microsoft would slow down & really concentrate on making the past & present code more secure rather than always rushing headlong into unknown territory for the sake of novelty & marketshare.

As Paul Virilio has pointed out,  "the invention of the railway results automatically in the invention of the derailment".

io
