
Originally published February 21 2006

Microsoft says Windows metafile bug was not planted

by Mike Adams, the Health Ranger, NaturalNews Editor

Microsoft has denied the claims of security researcher Steve Gibson, who said that the Windows Metafile bug was planted by the company to secretly access users' computers.



Microsoft has denied allegations that the Windows Metafile (WMF) bug is actually a "back door" planted by the company's developers so they could secretly access users' PCs. The charges were raised last week in a podcast by Steve Gibson, a security researcher best known for his ShieldsUp Web site. A transcript of that podcast is available here.

Although Gibson presented no proof of the indictment -- he said that without access to Windows' source code, it would be impossible to prove, or disprove, his charge -- he said that any other explanation just didn't make sense.

"For example, if Microsoft was worried that for some reason in the future they might have cause to get visitors to their website [sic] to execute code, even if ActiveX is turned off, even if security is up full, even if firewalls are on, basically if Microsoft wanted a short circuit, a means to get code run in a Windows machine by visiting their website [sic], they have had that ability, and this code gave it to them," Gibson said.

Program manager Stephen Toulouse wrote a detailed explanation of the "SetAbortProc" function's vulnerability, and said that the flaw was an inadvertent bug, not coding by design. "There's been some speculation that you can only trigger this by using an incorrect size in your metafile record and that this trigger was somehow intentional."

Gibson said that one reason he began thinking that the WMF vulnerability was a back door was because he could exploit the flaw only with a metafile record of an incorrect size. SetAbortProc, the vulnerable function in the graphics rendering engine (GDI), preceded the Windows Metafile format, said Toulouse, another reason why Gibson's charges don't add up.

