

Full details on CVE-2015-0096 and the failed MS10-046 Stuxnet fix - mikebo
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Full-details-on-CVE-2015-0096-and-the-failed-MS10-046-Stuxnet/ba-p/6718459#.VP_m_lOS2hx

======
cm2187
Out of curiosity, does anyone understand why it was a good idea in the first
place to have icons pointing to a DLL instead of having a static icon name or
icon id?

~~~
TazeTSchnitzel
Well, the reason for having it was for Control Panel items. In such cases,
you'd want the icon in sync with the Control Panel item's. Windows, in
general, likes to keep its icons in one place and then reference them from
somewhere.

------
orkj
This reminds me of how "hacking a computer" is depicted in a movie or in tv-
series.

"All we need to do is attach this usb stick and we can download all the files
from their computer"

Well, almost, at least.

------
upofadown
So Windows can run code simply by browsing to a directory with the default
shell?

I have no words...

~~~
UnoriginalGuy
Windows has a bug which was likely a design decision made in Windows 95
development (maybe earlier, Windows 3.1 had CPL applets also). Security wasn't
taken as seriously in that era.

While evidently their bug fix was a little hacky, I guess re-designing how
Control Panel applet icons are rendered was considered too big of a change for
what was essentially a security patch.

Hopefully they kill classic Control Panel completely at some stage in the next
few years. Windows 8, 8.1, and now 10 are going down that road but there are a
lot of legacy Control Panel applets by third parties which they have to deal
with somehow.

~~~
Already__Taken
Windows needed to kill the legacy control panel for a long time. They've put
some new (worse) front ends to it over time but once you click down to it
there's some ancient non-resizable textarea to read something important in.

They should rebuild it in something powershell can poke so every single
windows setting can be done from the command line, slap a gui on top of that
and manage it all with DSC. Much like how all the new server orientated
features have gone.

~~~
cm2187
I agree on powershell. But I am less enthusiastic about their "metro" style
which looks extremely oversimplified from the samples I have seen (and all full
screen, which replaces the frustration of the non-resizable grey boxes with
another!).

~~~
Already__Taken
UI aside I am referring to applications like the new server manager that are
literally a front end to PS cmdlets.

Full screen only metro is gone as of W10 it seems. It's just a flatter art
style and I think the metro stuff is something else again, it's not some
powershell driving layer.

------
gpvos
I am assuming that the code being run is the DllMain which is normally called
during LoadLibrary. The proper fix would have been to just map the DLL into
memory _without_ running DllMain, since that is not necessary to read the
icons.
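
The approach described in the comment above, sketched as an added example (not part of the thread or the linked article): `LoadLibraryExW` with `LOAD_LIBRARY_AS_DATAFILE` maps a DLL for resource lookups without calling its `DllMain`. The function name `Test-IconResource`, the `Win32.Res` type name, and the sample path and icon id are assumptions made for illustration.

```powershell
# Added example: look up an icon resource in a DLL without executing its code.
# P/Invoke declarations for the four kernel32 functions used below.
Add-Type -Namespace Win32 -Name Res -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr LoadLibraryExW(string lpLibFileName, IntPtr hFile, uint dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr FindResourceW(IntPtr hModule, IntPtr lpName, IntPtr lpType);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint SizeofResource(IntPtr hModule, IntPtr hResInfo);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool FreeLibrary(IntPtr hModule);
'@

function Test-IconResource {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$IconId = 1            # assumed resource id, for illustration
    )
    $LOAD_LIBRARY_AS_DATAFILE       = 0x00000002  # map as data, nothing is executed
    $LOAD_LIBRARY_AS_IMAGE_RESOURCE = 0x00000020  # map as image, still no DllMain
    $RT_GROUP_ICON                  = [IntPtr]14  # resource type for icon groups

    $flags  = [uint32]($LOAD_LIBRARY_AS_DATAFILE -bor $LOAD_LIBRARY_AS_IMAGE_RESOURCE)
    $module = [Win32.Res]::LoadLibraryExW($Path, [IntPtr]::Zero, $flags)
    if ($module -eq [IntPtr]::Zero) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "LoadLibraryExW failed for $Path (Win32 error $err)"
    }
    try {
        # Integer resource ids are passed as pointer-sized values (MAKEINTRESOURCE).
        $res = [Win32.Res]::FindResourceW($module, [IntPtr]$IconId, $RT_GROUP_ICON)
        if ($res -eq [IntPtr]::Zero) { return $null }   # no such icon group
        [pscustomobject]@{
            Path   = $Path
            IconId = $IconId
            Bytes  = [Win32.Res]::SizeofResource($module, $res)
        }
    }
    finally {
        [void][Win32.Res]::FreeLibrary($module)
    }
}

# Sample call; the path and id are illustrative.
Test-IconResource -Path "$env:SystemRoot\System32\shell32.dll" -IconId 1
```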

------
SirHobo
It's still so surprising to me that human error is still occurring in security.
Surely, companies/organisations should provide training to stop them from
being insecure.

~~~
cm2187
I think the problem with something like Windows is that it is too big to be
secure.

