Posted on 12/21/2011 10:18:07 AM PST by ShadowAce
An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash.
The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.
Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in Apple's Safari web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death.
The offending script is just an IFRAME tag with an overly large height attribute. Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine. Microsoft is now investigating the vulnerability, which was first reported by Twitter user w3bd3vil, although the software giant is racing against hackers tracing the code execution path to discover the underlying vulnerability in Windows 7.
A video of the Safari-triggered crash along with the HTML PoC can be seen here. Other exploit scenarios might also be possible. ®
No the title is NOT correct. It should read Apple Safari web browser crashes Windows 7 x64.
Do you have valid examples of those problems going back to when Windows was written in C? It seems that Safari, an Apple entity, has the problem here. Far pointers were common in Windows 3.1 and 16-bit Windows in order to adequately access and utilize memory. With the advent of 32-bit systems and flat memory models the need for far pointers disappeared, and specifying a pointer as far in 32-bit systems should generate an error. I believe that Win64 systems no longer support a Win16 sub-system, so you should not be able to run Win16 apps on a 64-bit system.
While this is most likely a Microsoft issue, it is possible that Safari installed itself in such a way to access Ring 0.
Safari is just an application. It takes a Windows apologist to advocate patching a system security hole by changing an application. If Windows were not broken, Apple's app would simply have crashed. There would have been no blue screen and no opportunity for a hacker to own the system.
The blame is 100% on Microsoft. Apple deserves kudos for exposing the hole (intentionally or not, LOL)!
Actually now that I watched the video and did a quick review of the blue screen it does look like a bug in win32k.sys.
It just took some of Apple’s shoddy code to expose some of Microsoft’s shoddy code.
The fix is obviously to upgrade the operating system to OS X.
I am not a computer geek, but I have used a pc for almost 20 years now, and in those years I have seen the progression of pcs take me from knowing a lot to making me stupid.
Currently I have a 64-bit pc that runs with Vista’s OS. Before I purchased this pc, my old one used XP, and Safari was one of the browsers I used at times. So when I upgraded to this 64-bit with Vista I installed the software I wanted and Safari was the last thing I installed.
Well, within a week, my pc started shutting down and I even saw a few blue windows where I was warned of problems. I immediately uninstalled Safari and never had a problem again.
So the problem of Safari also seems to affect 64-bit Windows that run Vista, at least it did for me. So to me this is nothing new.
It wouldn’t surprise me. I don’t think the folks at Safari really intend for the program to be run under windows 7 et al. It’s true that an OS is supposed to work with most of what is there, it’s not the fault of the OS if a program crashes.
A while back, I had an issue kind of like that on my Mac. I needed to check out an FRx report (part of the Microsoft Great Plains accounting system). So, I fired up a Windows virtual machine I hadn't used in months and tried to start FRx. It promptly bombed on some sort of arithmetic overflow error every time. It had worked fine in the same VM the last time I'd used it.
The VM was running full-screen on my new 30-inch external monitor. Wondering if that might be the problem, I switched the VM to run in a normal application window, which I sized to something like 1600x1200, the size of my old external monitor (down from 2560x1600 at full-screen). FRx then ran fine in its own window within the VM's window. It turned out what mattered was the overall screen size, not FRx's application window size.
HMMMMM
Perhaps . . . have you been using Safari?
So the problem of Safari also seems to affect 64-bit Windows that run Vista, at least it did for me. So to me this is nothing new.
One of the fundamental rules of an operating system is that it can not be taken down by any application! Any robust op/sys should be able to shed a rogue application program.
If any application program is able to crash an "operating system", the "operating system" has fundamental flaws. Complete systems and integration testing starting at the module level should have taken place.
Microsoft system 7 and 8 are nothing but variations on Windows NT.
I would recommend a robust op/sys such as any variant of *nix. I defenestrated in 2002 switching to Mac OS X. A robust Unix with the User Friendly interface of Apple. Since the advent of Intel Mac there is no reason not to.
I've been involved with the development, testing and installation of operating systems for well over 45 years, starting with OS/MVT through z/OS and all flavors of Unix at Bell Labs.
VISTA was horrible
Windows 7 is much better- install that as soon as possible
Yep, but the system problems are a Safari problem and not 64-bit windows problem. The developers of Safari, for whatever reason did not bother to test, identify, or fix any issues its browser might have running in a 64-bit system. That is fine, it is primarily meant to be a Mac browser and if they don’t care about people who want to run it on a Win64 system then that is their business. Software developers who want their software to continue running on Macs will certainly address any issues with a new or updated OS and the same applies to Apple and its software. Mac is not expected to completely maintain backwards compatibility and neither is MS.
Safari was written to run on other OS; it had to be for it to work on those systems and they need it to work with iTunes on other systems. On the side, I don’t install iTunes updates unless I absolutely have to because its effects on other than Mac OS seem to be unpredictable, causing BSOD and loss of iTunes data files. It sometimes seems akin to malware.
Seems you knew about it before anyone else did.
There’s 2 great reasons not to get Macs:
1 - you can buy 2 solid PCs for the price of a Mac
2 - all the software is written for Windows. Yeah sure Mac can pretend to be Windows, but good luck getting support if there’s a problem, the companies support Windows, not pretending to be Windows.
Yeah Windows has problems. Whatever. It’s fast, it’s smooth, it’s actually pretty stable (I haven’t seen a blue screen in years), it’s cheap (if you’re at all connected to the industry it’s free legally), and there’s tons of software available. Sure you don’t get to be snooty about your OS, but only a pathetic loser takes pride in the OS on their computer anyway, and you wants to be one of them. Take the money you save buying a PC and go to the liquor store and learn to be snooty about something cool like scotch.
7 is basically Vista with less bugs, so anything that crashes 7 is probably gonna spike Vista too.
As I said, I am an almost 20 year user, and in that time I have learned many lessons when dealing with pc troubles.
The biggest problems I always face, come from compatibility with programs I have installed. So I try to install programs slowly to see if there is a compatibility problem. I never take a chance.
Mainly, because I hate pc troubles, so much so I am considering going to Mac next time I get a new computer.
Anyway, I give it a while before adding new programs so I can see if things are doing good. If I have trouble, I start with removing the last software I installed then go from there. If it fixes the trouble, and 95% of the time it does, I consider it a buyer beware problem.
If it does not fix the problem, then I consider it must be my pc that is the problem. Many friends and relatives have had problems with identical software and OS that I never had, and vice versa. It all boils down to programming, manufacturing, electricity, and user usage.
As a rule I do not get discombobulated over things so much so that I end up calling tech support, unless the machine is brand new. Usually if it is new, I demand a replacement, because I will not work with anything that has problems fresh out of the pack. That is just asking for continued trouble.
So if the problem seems to be a software problem, especially if that software is free like browsers are, then no one usually knows but me until I read an article like this.