Personal Tech Pipeline | Microsoft Refutes Windows "Back Door" Claim

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

January 17, 2006

Microsoft Refutes Windows "Back Door" Claim

Courtesy of TechWeb News

Microsoft has denied allegations that the Windows Metafile (WMF) bug is actually a "back door" planted by the company's developers so they could secretly access users' PCs.

The charges were raised last week by Steve Gibson, security researcher best known for his ShieldsUp Web site, in a podcast. A transcript of that podcast is available here.

Although Gibson presented no proof of the indictment -- he said that without access to Windows' source code, it would be impossible to prove, or disprove, his charge -- he said that any other explanation just didn't make sense.

"This was not a mistake. This is not buggy code. This was put into Windows by someone," Gibson said in the podcast Thursday. Gibson went on to hypothesize that Microsoft created this back door as a way to add code to users' machines whenever it wanted to.

"For example, if Microsoft was worried that for some reason in the future they might have cause to get visitors to their website [sic] to execute code, even if ActiveX is turned off, even if security is up full, even if firewalls are on, basically if Microsoft wanted a short circuit, a means to get code run in a Windows machine by visiting their website [sic], they have had that ability, and this code gave it to them," Gibson said.

"I don't see any way that this was not something that someone in Microsoft deliberately put into Windows," he concluded.

A Microsoft official denied the allegation in an entry on the Microsoft Security Response Center blog written late Friday. Program manager Stephen Toulouse wrote a detailed explanation of the "SetAbortProc" function's vulnerability, and said that the flaw was an inadvertent bug, not coding by design.

"There's been some speculation that you can only trigger this by using an incorrect size in your metafile record and that this trigger was somehow intentional. That speculation is wrong on both counts," wrote Toulouse. Gibson said that one reason he began thinking that the WMF vulnerability was a back door was because he could exploit the flaw only with a metafile record of an incorrect size.

But Toulouse rejected that claim. "The vulnerability can be triggered with correct or incorrect size values," said Toulouse, who said that Gibson's experience likely resulted from putting the SetAbortProc record as the last record in the metafile.

Toulouse also acknowledged that the bug was introduced into Windows during a time when the security situation didn't include hackers using malicious image files to exploit vulnerabilities. "This was a different time in the security landscape and these metafile records were all completely trusted by the OS," he said. "When it was introduced, the SetAbortProc functionality served an important function."

SetAbortProc, the vulnerable function in the graphics rendering engine (GDI), preceded the Windows Metafile format, said Toulouse, another reason why Gibson's charges don't add up. (SetAbortProc's duty is to allow for print jobs to be canceled.)

Most other security experts rejected Gibson's back-door theory.

"[There's] lots of old code hanging around Windows," said Richard Stiennon, director of threat research for Boulder, Colo.-based anti-spyware vendor Webroot. "Mr. Gibson is being spooked by ghosts of the past."

E-mail This Story
Print This Story
Reprint This Story

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Apple posted this week its first-ever full-length movie -- the made-for-TV Disney Channel original movie "High School Musical" -- on iTunes for the price of $9.99. What do you think of this pricing for downloadable movies?
Love it! The price is lower than I would expect.
Like it. The price is about right.
Dislike it. The price is is a little too high.
Hate it! The price is way, way too high.
Neutral. It depends on the movie.

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

Transform your IT infrastructure with IBM
Successful CIOs see IT as a prime stimulus for business innovation-and themselves as key participants in a process that develops business and IT strategies in concert. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

Block or Secure IM Use
IM threats up 250%. Protect your corporate network. Free Download.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Understand the financial impact of open source.
Will open source pay off? Open source is becoming standard within enterprises, often because of cost savings. Find out how much of a financial impact it can have on your organization. Get this methodology and calculator now, compliments of JBoss. Go!

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia