jaclaz Posted February 22, 2015 (edited)

I don't know, but maybe this thingy is becoming a mountain out of a molehill.

If you check the actual CVEs supposedly "covered" by KB3013455, the first three:
CVE-2015-0003
CVE-2015-0057
CVE-2015-0058
are about a LOCAL AUTHENTICATED USER possibly being able to gain elevated privileges.

The last two:
CVE-2015-0059
CVE-2015-0060
are about being tricked into opening a specially malformed TrueType Font and/or a specially crafted document.

ALL FIVE are rated as "Exploitability: Unproven".

The first three are not a threat as long as you don't allow local access to your PC, the last two while more preoccupying in theory are very unlikely to happen if you use some "common sense" when browsing the Internet.

Call me reckless or crazy as much as you want, but personally I will sleep fine tonight (and slept also really fine yesterday and the night before) even if I have not patched these vulnerabilities.

jaclaz

glnz (Author) Posted February 22, 2015

jaclaz - You and most others here are far more knowledgeable than I about computers. What does it mean, and how do I make sure, that I don't allow local access to my PC? Sorry for noob question, and thanks.

Atari800XL Posted February 22, 2015

Thanks for the information, jaclaz.
So, what's your guess on how many of the other updates around (be it xp, w7, w8) would fall into that same category? 90+%?
Just a question, I've always wondered about stuff like that, would love your opinion on it...

harkaz Posted February 22, 2015

@Outbreaker Yes, I compared these two files. I'm trying to create a patch for XP's win32k.sys right now.

Atari800XL Posted February 22, 2015

Sounds great, harkaz. So that's a patch from the latest official POS ("bad fonts") version, back to a fully updated version without problems? It would be great if we could start that patch after the update was already installed (from any of the packs out there).
Thanks for the effort!

harkaz Posted February 22, 2015 (edited)

Patch is ready. You can try it now. You'll need to have my CA root installed for the catalogs to install (double-click update\update.reg in .zip I uploaded BEFORE running update\update.exe).

Fix: http://s000.tinyupload.com/?file_id=55128295046725465161

jaclaz Posted February 22, 2015 (edited)

> jaclaz - You and most others here are far more knowledgeable than I about computers. What does it mean, and how do I make sure, that I don't allow local access to my PC? Sorry for noob question, and thanks.

Basically it means that IF someone physically enters the room where your PC is AND he/she logs in with a valid login/password THEN he/she might be able to get full control of the machine.
These kinds of vulnerabilities make no sense[1], meaning that IF someone can put his/her hands physically on your machine there are tens of ways he/she can get full control of it, including by-passing or cracking login password, and what not.

Now if you leave your home front door open and have on it a sign to the effect of "Please come in and feel free to use my PC, login is 'Admin' and password is 'password'", THEN it is possible that the "guest" will use one of these vulnerabilities, though it is very unlikely because as said there are tens of possible (and actually proved/working) ways to get full privileges.

> Thanks for the information, jaclaz.
> So, what's your guess on how many of the other updates around (be it xp, w7, w8) would fall into that same category? 90+%?
> Just a question, I've always wondered about stuff like that, would love your opinion on it...

The issue - generally speaking - revolves around the differences between "vulnerability", "risk", "threat" and "probability" and they are interconnected.

As I see the matter:
A vulnerability is something that in theory can be done.
A risk is something that in theory and in practice can be done and that has a given (low) probability of being done.
A threat is something that in theory and in practice can be done and that has a given (high) probability of being done.

Let's use an example in another field, let's start within your home, specifically your front door lock.
Your front door lock is vulnerable, as it can in theory be opened in several ways.
There is a risk of the door lock to be opened, as there are several documented ways to open it, let's say by picking it or bumping it.
Bad guys are known to go around opening other people's door locks so there is also a threat.

The probabilities of your front door lock being opened, i.e. the "step" between "risk" and "threat" depends on a number of factors, the place where you live, if it is a flat in a combo or a family house, your habits, etc.

You can change your front door lock with a high security one that cannot (in theory) be picked nor bumped, this way you have eliminated a vulnerability of the lock, BUT this won't prevent the burglar from opening it with the key copy that is under your door mat or in the flower vase on the left.

As well, nothing prevents the burglar from kicking open the door, nor from entering through the windows on the back you left open.

You have eliminated a vulnerability or two of the lock, but you have not in any way reduced the risk or the threat of a burglar entering your home.

This does not mean in any way that you should remove the lock from your front door or leave it open on purpose, only that the difference in reducing the risk or nullifying the threat between having a "common" lock and a "high security" one is in practice non existing as a given vulnerability has been patched but there are several other vulnerabilities, actually easier to implement or more probable to be used, that would allow anyway the burglar to enter.

As it is common to say, a chain is only as strong as its weakest link, and usually, when it comes to computers, that link is the actual user.

Previous discussions:
http://www.msfn.org/board/topic/163539-are-ms-updates-for-xp-really-necessary/
http://www.msfn.org/board/topic/171606-xp-os-vulnerabilities-after-april-8-2014/

jaclaz

[1] in any "controlled" environment, i.e. they may apply to - say - a PC in an Internet Cafe or in a public Library, but not on the average PC at home or in an office.

Atari800XL Posted February 22, 2015

> Patch is ready.

Thanks, I had a laptop setup already to test. But it's ENU only I guess? Any way I can apply the patch to a different language?

Outbreaker Posted February 22, 2015 (edited)

@harkaz
Tested it and the fonts problem is gone and I also didn't run into any other problems.

Is there any reason why you used the win32k.sys file version 5.1.2600.6733 and not 5.1.2600.6713 (only one number higher than the KB3013455)? I think there could be an installation problem if Microsoft releases next month a win32k.sys with a file version below 5.1.2600.6734.

Atari800XL Posted February 22, 2015

Aahh, now I'm jealous, outbreaker!!
I really hope harkaz can explain the patch, to allow other languages to use it too!

Mister Floppy Posted February 22, 2015 (edited)

> Aahh, now I'm jealous, outbreaker!!
> I really hope harkaz can explain the patch, to allow other languages to use it too!

Yeah, that would be great! I'm using a German version of Windows XP, but can't install the patch because of the warning message "Setup cannot update your Windows XP files because the language installed on your system is different from the update language."

Changing the regional and language settings via the control panel has no effect, unfortunately :-(

harkaz Posted February 22, 2015

A visual explanation of the patch:

Atari800XL Posted February 22, 2015

Thanks harkaz! So now we can patch our localized versions of win32k.sys?
Please confirm which version we need and where to get it.
Can we use your patch, zip structure, and only replace win32k.sys?

harkaz Posted February 22, 2015 (edited)

@Atari800XL Creating your own catalog file for your patched, language-specific win32k.sys is required. Also, update the update.ver file with the new checksums. Otherwise, use the same zip structure. (Make sure it's language-specific)

The version to patch is: 5.1.2600.6712 (botched KB3013455 from Microsoft Update catalog)

Make sure you increment the version number at least by one (i.e. minimum 5.1.2600.6713)

ADDED (forgot): Also, patch the language-specific update.exe to accept modified update.inf file, and use language-specific installation files.

Dave-H Posted February 22, 2015

> @harkaz
> Tested it and the fonts problem is gone and I also didn't run into any other problems.
> Is there any reason why you used the win32k.sys file version 5.1.2600.6733 and not 5.1.2600.6713 (only one number higher than the KB3013455)? I think there could be an installation problem if Microsoft releases next month a win32k.sys with a file version below 5.1.2600.6734.

Yes, I wondered about that too.
Wouldn't it have been better to keep the same version number as the faulty version of the file on the "fixed" version?
Then Windows Update will just think you've got the "official" faulty version installed.
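
The version-numbering concern raised in the last few posts, worked through as an added example (not code from any poster in this thread). It assumes, as a simplification, that an installer overwrites a file only when the incoming file version is strictly higher than the installed one; the future official build numbers are constructed for illustration.

```python
# Added illustration, not code from the thread.
# Assumption: the installer replaces a file only when the incoming
# file version is strictly higher than the installed one.

def parse_version(text):
    """Parse a four-part Windows file version such as '5.1.2600.6712'."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a four-part file version: %r" % text)
    # Compare as integers: as strings, '10000' would sort below '6733'.
    return tuple(int(p) for p in parts)

def would_replace(installed, incoming):
    """True if the 'strictly newer wins' rule overwrites the installed file."""
    return parse_version(incoming) > parse_version(installed)

def skipped_updates(installed, future_official):
    """Official builds that the rule would leave uninstalled."""
    return [v for v in future_official if not would_replace(installed, v)]

# Versions named in the thread.
BOTCHED_KB3013455 = "5.1.2600.6712"   # official file with the font problem
MINIMUM_BUMP = "5.1.2600.6713"        # smallest increment harkaz allows
HARKAZ_PATCH = "5.1.2600.6733"        # version used in the posted fix

# Constructed (hypothetical) version numbers for a later official win32k.sys.
HYPOTHETICAL_OFFICIAL = [
    "5.1.2600.6713", "5.1.2600.6720", "5.1.2600.6733",
    "5.1.2600.6734", "5.1.2600.10000",
]

if __name__ == "__main__":
    for label, installed in (
        ("kept at official version", BOTCHED_KB3013455),
        ("bumped by one", MINIMUM_BUMP),
        ("version used in the fix", HARKAZ_PATCH),
    ):
        skipped = skipped_updates(installed, HYPOTHETICAL_OFFICIAL)
        print("%-26s %s -> skipped: %s" % (label, installed, skipped or "none"))
```

Under that assumption, the higher the version stamped on an unofficial file, the wider the range of later official win32k.sys builds that would not be installed over it.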