Topic: The Windows MetaFile Backdoor?

[Nemesis]

Link to full story

Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error." It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor." We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Leo: So you're saying intentionally or - Microsoft intentionally put a backdoor in Windows? Is that what you're saying?

Steve: Yes.

Leo: Well, that's a pretty strong accusation. Could this not have been a...

Steve: Well, it's the only conclusion...

Leo: It couldn't have been a mistake?

Steve: I don't see how it could have been a mistake. Again, I'm going to continue to look at it. But from what I've seen now, this had to be deliberate. It was not what we were led to believe. Well, and it's funny, too, because then I thought, okay, wait a minute, Microsoft has lied to us. I reread the original vulnerability spec in, you know, their vulnerability page. And they never say this isn't the case. I mean, they describe it as a vulnerability, which it certainly is. Nowhere, you know, is even what I'm saying contradicted by their page.

Leo: So you're saying Microsoft, or people at Microsoft maybe unbeknownst to Microsoft, intentionally put code in Microsoft Windows that will allow anybody who knew about it access any Windows machine, to get into any Windows machine and run any arbitrary code on it.

Steve: Well, it's not like a trojan, where they would be able to contact a remote machine. But, for example, if Microsoft was worried that for some reason in the future they might have cause to get visitors to their website to execute code, even if ActiveX is turned off, even if security is up full, even if firewalls are on, basically if Microsoft wanted a short circuit, a means to get code run in a Windows machine by visiting their website, they have had that ability, and this code gave it to them.

2nd link

The only conclusion that can reasonably be drawn is that this was a deliberate backdoor put into all of Microsoft's recent editions of Windows.  WHY it was put in and WHO knew about it, and WHAT they were expected to use it for ... we'll never know.

IF true and provable then Microsoft is in deep trouble.  Especially deep as the media player was embedded in the system and not officially removable.

[Sirgod]

I agree, I started a small fix thread on It http://www.dynaverse.net/forum/index.php/topic,163363481.0.html

If It's intentionel though, Every regestered user might be seeing a Rebate in oh about 2053. 

Stephen

[Nemesis]

If it is proven the Microsoft has put in one or more backdoors on purpose then the ramifications for Microsoft are much larger than rebates. 

Can anyone with a need for a secure system accept the possibility that Microsoft has illicit access to their systems regardless of what they may have done themselves to secure it?  Governments, multinational corporations and competitors would pretty much have to say no to Windows with any online connections of any sort.  The lawsuits that would result would make the antitrust trials look like a mild cold versus the plague. 

Wholesale migration to alternate systems would be pretty much an automatic result.

[Nemesis]

A bit of an extension to this

Link to full article

Microsoft's relatively quick response to the WMF fiasco may have been a bit too quick. In the midst of a debate at Ars Technica over Microsoft's personal-best performance in handling the WMF exploit, a few quiet voices popped up. Zakharov:

    Is it me or was that patch distributed with some kind of hidden higher priority? I normally leave windows auto-update set to notify me when patches are downloaded for manual installation but the WMF patch took matters into its own hands and installed itself with a reboot.

According to Microsoft's documentation for Automatic Update, that shouldn't happen to an Administrative user: "If you are an administrator for your computer, you can delay the restart; otherwise, Windows warns you and then restarts your computer for you. Make sure you save your work and remind other users to save their work, especially before scheduled installation times."

It appears that if you have you system configured to download updates but to install them only if approved (by you) Microsoft ignored that setting and installed anyway. 

This attitude that Microsoft has that it is their computer to do with as they wish not mine is what is driving me away from Windows.