|
This is a cryptographically signed message in MIME format.
--------------ms090808070905090305050104
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
My apologies to those who are receiving this late or are otherwise
inconvenienced by the staggered release. I had unexpected, last-minute
travel issues that interfered somewhat with today's release.
Of note since the initial drafting of the advisory is that Microsoft has
released a blog post on the MSRC blog about the vulnerability report,
which can be read here:
http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx
The technical/strategic points about the exploit that are raised in the
post are indeed accurate (though it references MS05-014, when I believe
the correct reference is MS05-008/MS05-013). The exploit has a greater
dependence on timing than previous, related attacks. As such,
Microsoft's decision not to include this issue in a standalone patch is
seemingly justified at this point. However, the point of disagreement
with Microsoft remains the choice of release *timeline*.
I released the information about this issue to a trusted colleague (Gadi
Evron) for publication today, after what I felt was a reasonable time,
in light of my difficulties obtaining internet access.
Though there are disagreements between myself and Microsoft about the
nature of this vulnerability, I would like to thank Brian Schafer of the
MSRC for adhering to a high level of professionalism and technical
accuracy in that post and for continuing to work with me once it was
made clear that the issue would imminently become public.
Also of note is that there was a typo in the information I provided
originally to SecuriTeam. The proper candidate is CVE-2005-3240, not
*3840* as was originally reported by me. SecurityFocus has also
informed me that my original BID reservation was a casualty of a data
migration and that the proper BID associated with this vulnerability is
now BID 16352, which is public in full detail as of this writing.
There have also been some incorrect reports made to SecuriTeam that this
issue does not affect Windows XP Service Pack 2. These reports are not
correct -- my testing during this investigation was done exclusively on
current installations of Windows 2000 and Windows XP. These systems had
all service packs applied and all updates installed when tests were
performed.
Thanks to Gadi Evron for doing some of my bidding today and taking some
of the heat for my fat-fingers.
The final advisory, corrected with the now-accurate references is
attached with an armored-format PGP signature inline.
- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38
iD8DBQFD8Sb9fp4vUrVETTgRA6VJAKCL+fMJ8b+cIyOPE5Ld+3C2vgCIOgCffRW5
f1H8M88AzB9oMaE32XUUFbk=AVSg
-----END PGP SIGNATURE-----
--------------ms090808070905090305050104
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ8zCC
Az8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQI
EwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENv
bnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAi
BgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVy
c29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5
NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM
dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9Vvy
Gna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOC
dz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCB
kTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhh
d3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNV
HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQAD
gYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFi
w9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpb
NU1341YheILcIRk13iSx0x1G/11fZU8wggNUMIICvaADAgECAgMPac0wDQYJKoZIhvcNAQEE
BQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0
ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA1
MDkwMjIwNDAwNVoXDTA2MDkwMjIwNDAwNVowgZQxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFp
bCBNZW1iZXIxIzAhBgkqhkiG9w0BCQEWFG1hdHRtdXJwaHlAa2MucnIuY29tMR8wHQYJKoZI
hvcNAQkBFhBtcm01NjVzQHNtc3UuZWR1MSswKQYJKoZIhvcNAQkBFhxNYXR0aGV3MDA3QE1p
c3NvdXJpU3RhdGUuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9KzYUk0
0k7m341UkZdC1MJvPEhyqEgX6fy6CEqoD6oSKCUK5jqVYOO2xGgHv43mHtLMYb1XzWv+DU3P
SJcEVSQxZRXSAK3XWcr8eS1HeK4HScr3KYwIzJoP4cFkPCBd59AVILY3j82DZLyIVbNDvX8S
Zw6VitSnmbSX7CM2mKr8AQ7nhwUEi/WzfIxOMp2WHxpYW4chK9bo4fdxUlGg+h6Ji6HrIkHS
N4jkmHDTEqByZzxZj/rhlxXhPMbzR0mAkZPFVOU+kytecxlahK4sH4egxMgUqlyR01z9Yn+L
DE4rxpIZoDfXBqm0LkSTn3Les+ETxu6SDVEZKKbekcU/VQIDAQABo2EwXzBPBgNVHREESDBG
gRRtYXR0bXVycGh5QGtjLnJyLmNvbYEQbXJtNTY1c0BzbXN1LmVkdYEcTWF0dGhldzAwN0BN
aXNzb3VyaVN0YXRlLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFlgmmxY
Pc1K1wg3JyVJNulCHvHKvaw2zmWgpuBDijSZhZ0GPheKZa/je0oJvqp897AfH9f1tSykdHm2
VcA5QdFN1JFb8AlJDXq68G2MYgQfMyhiAWfhhfCO694JfJqVaY5onDvfMxD0JpbzD60Efc/6
l1C2IO0zBuzFuho9XvQiMIIDVDCCAr2gAwIBAgIDD2nNMA0GCSqGSIb3DQEBBAUAMGIxCzAJ
BgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD
VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNTA5MDIyMDQw
MDVaFw0wNjA5MDIyMDQwMDVaMIGUMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVy
MSMwIQYJKoZIhvcNAQkBFhRtYXR0bXVycGh5QGtjLnJyLmNvbTEfMB0GCSqGSIb3DQEJARYQ
bXJtNTY1c0BzbXN1LmVkdTErMCkGCSqGSIb3DQEJARYcTWF0dGhldzAwN0BNaXNzb3VyaVN0
YXRlLmVkdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPSs2FJNNJO5t+NVJGX
QtTCbzxIcqhIF+n8ughKqA+qEiglCuY6lWDjtsRoB7+N5h7SzGG9V81r/g1Nz0iXBFUkMWUV
0gCt11nK/HktR3iuB0nK9ymMCMyaD+HBZDwgXefQFSC2N4/Ng2S8iFWzQ71/EmcOlYrUp5m0
l+wjNpiq/AEO54cFBIv1s3yMTjKdlh8aWFuHISvW6OH3cVJRoPoeiYuh6yJB0jeI5Jhw0xKg
cmc8WY/64ZcV4TzG80dJgJGTxVTlPpMrXnMZWoSuLB+HoMTIFKpckdNc/WJ/iwxOK8aSGaA3
1waptC5Ek59y3rPhE8bukg1RGSim3pHFP1UCAwEAAaNhMF8wTwYDVR0RBEgwRoEUbWF0dG11
cnBoeUBrYy5yci5jb22BEG1ybTU2NXNAc21zdS5lZHWBHE1hdHRoZXcwMDdATWlzc291cmlT
dGF0ZS5lZHUwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQBZYJpsWD3NStcINycl
STbpQh7xyr2sNs5loKbgQ4o0mYWdBj4XimWv43tKCb6qfPewHx/X9bUspHR5tlXAOUHRTdSR
W/AJSQ16uvBtjGIEHzMoYgFn4YXwjuveCXyalWmOaJw73zMQ9CaW8w+tBH3P+pdQtiDtMwbs
xboaPV70IjGCAzswggM3AgEBMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD
b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBJc3N1aW5nIENBAgMPac0wCQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
DQEHATAcBgkqhkiG9w0BCQUxDxcNMDYwMjE0MDA0MDI5WjAjBgkqhkiG9w0BCQQxFgQUGKM0
/WHmZ7WzmVqMmp3vNjjVk+0wUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG
9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYB
BAGCNxAEMWswaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg
KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vpbmcg
Q0ECAw9pzTB6BgsqhkiG9w0BCRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo
YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG
cmVlbWFpbCBJc3N1aW5nIENBAgMPac0wDQYJKoZIhvcNAQEBBQAEggEAZjgf9XLHbInS9fvR
T6aMSxxFCpYQFfterItq6dsae2zQpFBTr9gPJi64emyY5ca3zKo6jffzz0WIY0T80jO0uj5E
o6paCGGXCBKwLr5vOaaLFZNqEVSlnrn8GbmbVQbyWCu/kjpgwyLcmKsJ/yz9xxi62CbxWRFm
h5WBgnN2phmSgkbZdsgqMAB3Ym44xlWe0U+lhVsOXQL3OAxVATKGclbLmQCJWgdIlzJ+Nrzq
AZq+IxIXrLAKXrU/NByMQfyNQQVQ7CjkXUdJ1pD8yaR7hDfX+3KPFb1kYT2L1+RVlzBHvWDX
rUX7sxA0xbotJpfQElzHBolmgUxLTcqAzkwsqgAAAAAAAA=--------------ms090808070905090305050104--