
Microsoft Admits XP Has Same Bug As Win2K

Arashtamere sends in a Computerworld story on a security flaw in the Windows 2000 pseudo-random number generator published by Israeli researchers earlier this month. Microsoft has now admitted that the flaw is present in XP too. Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it. (The Israeli researchers point out that many common exploits provide admin access.) This stance apparently lets them off the hook for patching Win2K, which is in "extended support" mode, though it powers about 9% of US and EU business computers. Microsoft said that XP SP3, due in the first half of next year, will fix the bug. The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable.

  • stupid (Score:4, Insightful)

    by Anonymous Coward on Thursday November 22, 2007 @12:05PM (#21446445)
    if you already have admin access via another "exploit" why would you bother attacking via random number generator, seems like it's a lot of fuss over nothing, Windows has always been vulnerable locally (luckily for admins whose users forget passwords etc) so the most worry is over a remote exploit which this flaw isn't. But I am sure some million dollar company will sell a solution for this, paranoia is a great sales tool in the murky world of snake oil, cough I mean computer security
    • Re:stupid (Score:4, Informative)

      by Anonymous Coward on Thursday November 22, 2007 @01:14PM (#21446975)
      Because you own a machine _now_ doesn't give you access to the encryption keys that were generated in the past.

      This PRNG vulnerability does just that. Keys derived from it can be recovered by an attacker who compromises the machine _after_ the key was used and discarded.
      • Re: (Score:3, Informative)

        by lgw ( 121541 )

        Because you own a machine _now_ doesn't give you access to the encryption keys that were generated in the past.

        Except that it pretty much does for Windows NTFS encryption. Thank you "key recovery account". For that matter, on a Windows machine not in a domain with default settings, you can get the NTFS encryption keys with no accounts at all, just stick the drive in your machine and "recover" the keys with the local admin account. Checkbox feature for the win!

        And if you're using real encryption instead, you're not caring about the Windows RNG I hope.

        • CryptGenRandom is supposed to be the Windows-equivalent of /dev/urandom. Except it's not, because of this design flaw. The implications of this extend far beyond encrypted NTFS volumes.

          For example, an attacker can passively monitor a network of Windows machines, wait for one of them to do something interesting (like connect via SSL www.paypal.com), then actively compromise those selected machines later, and gain enough information to decrypt the captured SSL sessions.

          Basically, if you encrypt somethin

      • The PRNG is reseeded for each new process. This means that the vulnerability where you break the PRNG is only good for the process you exploited. Once the process is closed or restarted you're no longer in.

        As the GP said this is a fuss over nothing. It's one of those vulnerabilities where you have to think real hard to imagine a way it could be used maliciously. (Though I agree that MS should make proprietary crypto algorithms open to public scrutiny.)
    • Windows has always been vulnerable locally (luckily for admins whose users forget passwords etc)
      Ah...no. You can edit the administrator password directly on the hard drive, but you can do the same for Unix systems. You are confusing physical access with privilege escalation flaws.
    • Knowing someone's password can be handy. Most folks use the same password on multiple machines or entire networks. Moreover they seldom change them.
    • I'm pretty sure you don't need admin access to do damage with this bug. All you need to do is to read the memory of a process (say, firefox.exe) that's using the RNG, since a lot of the state is held in user space, and it's not updated very often (like once every 128 KiB of RNG output!).
  • by Blakey Rat ( 99501 ) on Thursday November 22, 2007 @12:06PM (#21446449)
    If you have admin access, the battle's already lost. What's the point of running a complex process to obtain their password when you have full access to everything on their computer? Might as well just drop in a keylogger and get the same info much easier.
    • by xaoslaad ( 590527 ) on Thursday November 22, 2007 @12:14PM (#21446513)
      Granted, I agree with this for the most part. However, it always seems like there is that one person that looks at a problem like this in a way that no one else had prior and manages something completely expected. It's only at the point that a virus is running amok across half the corporate networks in the world that we find out you did not really need administrative privileges if you did x, y, z first...

      History is full of examples, probably both within and out of the computing field where people thought that 'that' was impossible...
    • by abigsmurf ( 919188 ) on Thursday November 22, 2007 @12:15PM (#21446519)
      But to say that is to deny our ability to flame MS! Clearly it's an example of MS' incompetence that a random number generator that's 7+ years old has been broken by recent maths and it can be exploited to gain full access when you already have full access!
      • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Thursday November 22, 2007 @12:31PM (#21446645)
        Microsoft claims this is not a "security vulnerability" because the machine has to already have been cracked to exploit it.

        That is not 100% correct.

        It is still a "security vulnerability".

        It just cannot be exploited to increase your access on that machine.

        That we know of. Today. So the code still needs to be patched. Security is not an "either / or" situation. You have to reduce the effectiveness of threats.
        • by UncleTogie ( 1004853 ) * on Thursday November 22, 2007 @12:44PM (#21446743) Homepage Journal

          Microsoft claims this is not a "security vulnerability"...

          Thanks for the flashback to l0pht's old page....! For those who don't remember it before it got rolled into @stake:

          "'That vulnerability is entirely theoretical.'-- Microsoft;
          L0pht, making the theoretical practical since 1992."
        • One concrete weakness of this attack is that it permits you to reverse-engineer "secure" sessions _before_ you got admin privilege, as the random number generator can be 'rewound'.

          So-called forward security (yes, looking at things in the past is 'forward' :-) ) is an important trait, and MS's scheme is missing it.
        • It would be far more accurate to say that M$ claims that this is not a bug, because the latest version does not have it ie. it is an upgrade feature. How many other products would you accept this for, a defect in a motor vehicle. No recall because the latest version does not have that defect, you just have to trade in for the upgrade (M$ version of a trade in , it is more expensive than the original OEM).
    • Re: (Score:3, Insightful)

      If you have admin access, the battle's already lost. What's the point of running a complex process to obtain their password when you have full access to everything on their computer? Might as well just drop in a keylogger and get the same info much easier.

      Most of the other ways to get to the passwords would leave a detectable trace, especially keyloggers. Or they need a reboot. If you're really after the user passwords, resetting them to something else is also not an option. AFAIK there is no other *easy* w
    • Re: (Score:3, Interesting)

      by joss ( 1346 )
      The point is that people often use the same passwords on multiple systems. If you can crack them you can very likely gain access to other systems without having to wait for users to login at a time when you don't know how long you have control of the system
    • Re: (Score:2, Insightful)

      by Terrasque ( 796014 )
      This is how I read it :

      "At the moment we know of no way to abuse this bug without already having obtained Administrative access."

      I will almost bet money that there is a smart bugger out there who will find a way to abuse this.
      That we don't know of a feasible attack right now is no excuse not to fix the bug IMHO.
    • by mosch ( 204 ) on Thursday November 22, 2007 @12:59PM (#21446865) Homepage
      If you truly agree with MSFT, then you should quit working in computers right now, for everybody's sake.

      Many corporate computers have local admin accounts that are likely to share a user/password combo across large numbers of machines. A keylogger might not get you these credentials, but the ability to crack these credentials could get you admin access to a huge number of other computers.

      It is people like you who make sure that security consultants will never want for work.
      • Re: (Score:3, Insightful)

        Yeah, because Microsoft doesn't know what they're talking about. This is a PRNG flaw, it doesn't help you "get credentials" in terms of getting Windows logins/passwords. For Christ's sake. Once you have access to the machine, you can theoretically access any encrypted data on the machine because you can get the session keys for e.g. SSL sessions. But, of course, since you already have admin access you could do this any of various other ways anyway.
        • by mosch ( 204 )
          You don't get it.

          If you work in computers, quit. You're bad for society.
          • Roger that - I'll quit. May I also commend you on your excellent and rational rebuttal. You, sir, have a finely honed mind.
            • by mosch ( 204 )
              I didn't expect that argument to work, but I'm glad it did.

              Your previous reply missed the mark by such a wide berth I thought you were too fucking stupid to recognize your own stupidity. After all, you were claiming that if any admin flaws exist, then it doesn't matter if the cryptography is also broken, which is one of the most ignorant and fuckwitted claims I've ever read.

              I mean honestly, it was such a dumb fucking claim that I really didn't think you'd recognize how utterly inferior and useless you are.
  • At last... (Score:5, Funny)

    by EsbenMoseHansen ( 731150 ) on Thursday November 22, 2007 @12:09PM (#21446471) Homepage

    A reason to upgrade to Vista! ;)

    • Re: (Score:2, Funny)

      by Anonymous Coward
      Yes sir, Vista it is. Then Window 7 will fix Vista security ... we should wait for Window 7 or better Window 8 ... Right?
      • Wait for Windows 2037. I hear it fixes some major flaw that allows privilege escalation, related to the use of the time_t structure.
    • Re: (Score:1, Interesting)

      by muldy ( 607226 )
      And it will be "technologically impossible" to correct XP. Vista will get a "stealth update" for this.
    • Re: (Score:3, Funny)

      And, no "upgrade" is really necessary, Vista comes preinstalled on all new PC's!
      At the cost of "upgrading" your old PC, you can get a new box with much more power than you need!
      (now, where is that Open SuSE [opensuse.org] installation CD...)
      Got to hand it to those Novell people, that's a nice OS!
      Anyone here manage to get Vista and Open SuSE to "dual boot", and if so, any issues?
  • by leuk_he ( 194174 ) on Thursday November 22, 2007 @12:13PM (#21446489) Homepage Journal
    This article refers to this summary [buslab.org] of this paper [iacr.org]

    I fail to see why you would need administrative privileges however. You would only need to run in the userspace of the process that did run the random number generator before. Having administrative privs would be nice to inject code into that userspace, but is not needed I think.

    It can get even worse if from a public key part the random number that was used to generate it can be extracted, what was done in early ssl implementation attacks.
    • by MoogMan ( 442253 ) on Thursday November 22, 2007 @01:50PM (#21447245)
      As the winsock TCP/IP stack randomises its TCP sequence numbers, I would suggest that it's very likely that it uses a PRNG output directly, and therefore is at risk of being spoofable.

      Theoretically, one would need knowledge of just one TCP sequence number, and then it could generate the future sequence numbers coming out of the box. Therefore one would be able to hijack TCP/IP sessions *much* faster and easier than before.

      Anyone know to the contrary?
    • That's true. I don't remember if it's still this way, but in the 9x days any process could arbitrarily decide to "debug" another and be granted access to its internals.

      If that's true of the NT line, you could exploit this without admin privileges easily.
      • I think the NT line puts limits on what processes can debug each other though I don't know exactly what they are.
  • Has Microsoft officially stated that the bug is not present in Vista? Or will they "recently discover" that too.
  • Article (Score:5, Interesting)

    by cbart387 ( 1192883 ) on Thursday November 22, 2007 @12:24PM (#21446597)
    Here [acm.org] is the original article on the ACM.

    Very brief summary of article
    Each process has their own instance of the generator, and the refresh of the internal state is done after 128 kbs of output from the generator (roughly 600-1200 SSL connections with IE). Not only that, it is run in the userspace so it is not a security violation to examine the internal state of the generator. The function used is not one-way, which provides a means of looking at past transactions of a user (within the 128 kbs of data).
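
Added example, not part of the original thread or of the researchers' paper: two toy generators (neither is the CryptGenRandom algorithm) that show why a state update that is not one-way lets a state captured later reveal earlier outputs, while a hash ratchet does not. All class names, constants and seeds are constructed for illustration.

```python
import hashlib

# Toy generators for illustration only; this is NOT the CryptGenRandom algorithm.
MOD = 1 << 64
A = 6364136223846793005   # odd multiplier, so x -> A*x + C is invertible mod 2**64
C = 1442695040888963407
A_INV = pow(A, -1, MOD)   # modular inverse: lets anyone step the state backwards


def output_from(state: bytes) -> bytes:
    """16 output bytes derived from the state; output alone does not reveal it."""
    return hashlib.sha256(b"out" + state).digest()[:16]


class InvertibleGen:
    """State update is a bijection with a publicly computable inverse."""

    def __init__(self, seed: int):
        self.state = seed % MOD

    def next(self) -> bytes:
        out = output_from(self.state.to_bytes(8, "big"))
        self.state = (self.state * A + C) % MOD
        return out


class RatchetGen:
    """State update is a one-way hash, so old states are gone once replaced."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"seed" + seed).digest()

    def next(self) -> bytes:
        out = output_from(self.state)
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def rewind_invertible(captured_state: int, steps: int) -> list:
    """Recompute the `steps` outputs produced before the state was captured."""
    outputs, s = [], captured_state
    for _ in range(steps):
        s = ((s - C) * A_INV) % MOD          # undo one state update
        outputs.append(output_from(s.to_bytes(8, "big")))
    return outputs[::-1]                      # oldest first


def future_outputs(gen, steps: int) -> list:
    """What a captured state gives away in either design until the next reseed."""
    return [gen.next() for _ in range(steps)]


def demo() -> dict:
    weak = InvertibleGen(seed=0x1234ABCD)            # constructed seed
    weak_past = [weak.next() for _ in range(5)]      # stand-ins for session keys
    recovered = rewind_invertible(weak.state, 5)     # state read after the fact

    strong = RatchetGen(b"constructed seed")
    strong_past = [strong.next() for _ in range(5)]
    clone = RatchetGen(b"")
    clone.state = strong.state                       # same after-the-fact capture
    later = future_outputs(clone, 5)
    return {
        "weak_past_recovered": recovered == weak_past,
        "strong_past_exposed": any(k in later for k in strong_past),
        "strong_future_exposed": later == future_outputs(strong, 5),
    }


if __name__ == "__main__":
    print(demo())
```

The ratchet protects only the past: in both designs a captured state predicts output until fresh entropy is mixed in, which is why the length of the refresh interval matters as well.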
  • "The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable."
    • Re: (Score:2, Redundant)

      by B3ryllium ( 571199 )
      This is the same company that initially said that XP was not vulnerable. How much do you trust that statement, in light of this?
      • Where did Microsoft say XP wasn't vulnerable?

        A lot of people assumed it wasn't because the testing was done on Win2k, but Microsoft never confirmed it. In fact, the article states they were very hesitant to do just that:

        As recently as last Friday, Microsoft hedged in answering questions about whether XP and Vista could be attacked in the same way [...] Yesterday, however, Microsoft responded to further questions and acknowledged that Windows XP is vulnerable

        So, in light of them actually admitting they're at fault, why wouldn't you trust it?

        • Fair point :)

          There are other reasons not to trust MS, of course, but from what I understand ... vista's weird incompatibilities are just an annoying symptom of touching Windows in its naughty place - in other words, because MS rewrote so many of the lower-level subsystems in Vista, they probably ended up fixing many outstanding bugs from previous generations. The downside, those incompatibilities and quirks and new bugs/exploits, will hopefully get a lot brighter in SP1 :)
          • I have to be honest - I think a lot of the outstanding bugs are related to Microsoft's focus on backwards compatibility, which I feel is unnecessary and holds back Windows development. In a way, I'm glad a lot of things broke in Vista - because in the end, a lot of things are only breaking because there are some terrible coding practices at work out there.

            One entry on Raymond Chen's blog (which is a goldmine for the weird quirky things that some programs expect Windows to handle) explained a situation where
            • In the end, while Linux and Apple can afford to break things a little every now and then to consistently improve, Microsoft set themselves up for a massive fall because they spent so long trying to make everything work before that now they aren't trying as hard, everyone sees it as a failure.
              Yep, the most important thing to a customer is to keep their software working.

              Upgrading to a new version of windows eventually is practically forced by the older version getting its support dropped by hardware and soft
    • by DrYak ( 748999 ) on Thursday November 22, 2007 @01:16PM (#21446981) Homepage
      Meanwhile, free/libre open-source unices like Linux and *BSD have been having a sound random generator [wikipedia.org] that doesn't suck too much [seclists.org] for, like, ages...

      No, sorry, you can keep Vista for yourself.
      • Re: (Score:2, Informative)

        by Anonymous Coward
        The Linux RNG was vulnerable in the past too. What was your point?
        • The Linux RNG was vulnerable in the past too. What was your point?
          My point is precisely that : -----------^

          Open source code. Easier to do research on it, easier to fix.
          Whereas Windows has closed source, and you're pretty much stuck relying on Microsoft to provide fix (which they might not, hoping to use it as an argument to encourage shift toward Vista).
  • I for one welcome our new random number generating overlords. But seriously, aside from the "we're exploiting this because we can" this is hardly a security liability. They already have administrator and there's not much left to be compromised.
  • by compumike ( 454538 ) on Thursday November 22, 2007 @12:32PM (#21446649) Homepage
    While in general I think open-source and closed-source software can coexist, I think this is a pretty good example of why anything related to crypto should be open. All of public key cryptography relies on the secrecy of private keys, not on the secrecy of the algorithm itself. And while they might have faithfully implemented the algorithm, who knows what kinds of arguments/whatever to the crypto functions might cause undesired results -- it's just too hard to test.

    In any case, the thing that surprised me most from the article was that Windows 2000 users would be left out in the cold: "Because the company has determined that the PRNG problem is not a security vulnerability, it is unlikely to provide a patch [for Win2K]." Wow. Especially when it's something this easy to fix. This bug also solves any attacker's problem of trying to sort valuable from non-valuable information, since presumably any valuable information (credit cards used online, etc) will use encryption. And while someone suggested that a program should use its own random number generator, there is a problem because, in general, your application (not running as Admin) shouldn't have access to nearly the same amount of entropy sources (like network activity, GUI inputs, etc).

    Educational microcontroller kits for the digital generation -- great gift! [nerdkits.com]
    • Re: (Score:2, Informative)

      Especially when it's something this easy to fix.

      It might be easy to code the fix, but it's (at least) an order of magnitude more work to actually test it. Windows supports thousands of different hardware configurations, in hundreds of different languages.

      Yeah, Microsoft could release this as a hotfix. For any customer that screams loud enough (and pays enough), they may well do.

      To be honest, I'd rather see Microsoft focus their efforts on XP SP3, Vista SP1 and 2008 RTM (2003 SP2 only just came out,

      • Re: (Score:3, Insightful)

        by lgw ( 121541 )
        Does 7 years sound like a long time for a computer product to be in service to you? What platform do you work with again?
      • "It might be easy to code the fix, but it's (at least) an order of magnitude more work to actually test it."

        Well, that depends. They already have the code and it is not that the API needs too much testing I suppose. I mean, getRandomXxx() with some 4 different strings for Xxx should be enough. Feed the output into a FIPS random number testing tool (for testing weirdness, I mean the code has already been tested in other configurations) and go.

        Sure it is a bit of work, but the test code should be available alr
        • Surely all they'd need to do to test it is something like this test [coredump.cx]

          Can't take that long to generate a few thousand points to plot to check distribution of their PRNG.

          • Just for your information, distribution is just one part of the test suites for randomness. A counter going from 0..99 has a perfect distribution over 100 elements. It is also extremely non-random. There are quite a number of mathematically complex tests to perform before something is considered random enough. And even then you cannot distinguish between true randomness and a rather complex mathematical method that just uses the previous output as only input parameter. So the tests you are pointing to are n
  • Not that I consider this flaw terribly serious unless it has the ability to compromise other encryption algos run on the machine aside from user passwords. I've never considered windows encryption secure, so never bothered with it. A person with admin rights could do what they wanted anyway as far as the system goes.

    The real downside of W2K is that MS has given it the shaft for awhile, even when it wasn't in extended support they were still not supporting it very well for the last couple years as far as th
  • Microsoft Admits XP Has Same Bug As Win2K

    More correctly, "Microsoft Admits XP has same bugs as Win2K."
  • No hotfix ? (Score:3, Interesting)

    by Anonymous Coward on Thursday November 22, 2007 @01:10PM (#21446945)
    >Microsoft said that XP SP3, due in the first half of next year, will fix the bug.

    It should be an offence to know and state you know about a bug but sit on the fix for months. This is a really stupid MS position and will push people more towards alternatives like GNU/Linux.
    It should be a hot fix right now.
    • by dbIII ( 701233 )
      No, I think the things that will push people towards it (and macs) are stuff like 32 bit Vista not being able to address a full 4GB no matter how many CPUs you have and the 64 bit version having a lack of drivers. Server 2003 Enterprise version doesn't have that problem but most are not even going to bother to find out the price, let alone spend it.

      Some people might see it as an annoying limit like the people that bought 28800 bps modems and found that Win 3.11 couldn't go past 9600 bps due to an arbitrary

  • by Stephen Samuel ( 106962 ) <samuel@bc g r e en.com> on Thursday November 22, 2007 @01:39PM (#21447157) Homepage Journal
    If this bug was in RedHat 5.2, there would be no issue about getting this critical bug fixed. If nothing else, I could just fix it myself -- and put the necessary patches to the source packages on my website.

    No worries about whether or not it's even legal to fix a machine that I'm using to run my business.

  • ...but I can't complain that XP has the same bug as Windows 2000 in this case-- if the researchers didn't find the problem and publish it before last month, it seems to be asking a little much to expect Microsoft to fix a bug nobody knew they had.

    As to patching Windows 2000: They're going to patch XP, and if the bug is in both, chances are it's the same code. I believe they should at least look at it and see if a patch is going to be simple. That said, it'd have to be darned simple to be worth it: if you're
    • it seems to be asking a little much to expect Microsoft to fix a bug nobody knew reported until now
      There, fixed it for you. Just because this is the first time the bug was reported doesn't mean it's the first time it's been discovered. It may have been privately exploited for years at this point.
  • Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it.

    Let's see here. When I bought my new laptop (with MCE on it), I logged in as myself (with admin rights). I tried to downgrade myself to a "Power User"
    I was told by MCE that "there must be at least one administrator".
    I logged out and logged in as "Administrator" and tried to downgrade my normal userid.
    I was told once again by MCE that "there must

  • So it's not an exploit because you already had to get administrator access in order to do it. Funny how they didn't use that logic when it came to implementing mandatory driver signing in Vista 64. A rootkit would already need to have administrator access to get loaded.

    Thank you, Microsoft, for proving that you lied about the reason why you made driver signing mandatory.
