Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Monday April 09 2018, @06:12PM   Printer-friendly
from the (unsigned⠀int) dept.

https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/

A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.

[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Funny) by Anonymous Coward on Monday April 09 2018, @08:31PM (5 children)

    by Anonymous Coward on Monday April 09 2018, @08:31PM (#664656)

    No, the real blame is that RAR was written by a Russian! Yes, Russians! It allowed Russia to hack Windows and tamper with the election making sure Trump won!

    Starting Score:    0  points
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  

    Total Score:   1  
  • (Score: 1, Flamebait) by DannyB on Monday April 09 2018, @08:56PM (1 child)

    by DannyB (5839) Subscriber Badge on Monday April 09 2018, @08:56PM (#664672) Journal

    Not Windows. It was Zuckerbooger's Facegrabber (like in Alien) that allowed the Russians to elect Trump.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 3, Insightful) by Bot on Monday April 09 2018, @10:38PM

      by Bot (3902) on Monday April 09 2018, @10:38PM (#664721) Journal

      Why did they elect a friend of Israel enemy of Syria allied of themselves? Must be one of those russian loooong games. Let me sift through some historical surveillance logs...

      - Sir, we are ready
      - OK then, let's pick the next president
      - Here, behold the candidates
      - ....Wew ladski... can't we have Obama elected one more time?
      - No sir, it's illegal in America
      - I know, I was kidding.
      - Oh, you got me, sir.
      - So... any of them in bed with Israel?
      - haha sir, I am not falling for it again, of course they are.

      --
      Account abandoned.
  • (Score: 2) by Thexalon on Tuesday April 10 2018, @01:45AM (2 children)

    by Thexalon (636) on Tuesday April 10 2018, @01:45AM (#664767)

    No, it's all a false flag by GNU, organized by Richard Stallman himself, to try to convince the public to ban RAR in favor of tar.bz2.

    Fnord.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 1) by anubi on Tuesday April 10 2018, @02:12AM

      by anubi (2828) on Tuesday April 10 2018, @02:12AM (#664779) Journal

      All this time, I thought old Phil Katz, originator of PKZIP, had by far the most elegant solution to file compression.

      And thought this "DriveSpace" brought into DOS6.22 was pure unadulterated crap.

      Sure would have liked to have seen DOS 6.22 had "ZipFolders" instead. So the filesystem would see a .ZIP file as a folder. With the tradeoff being opening the folder took RAM and time.

      It would have taken file organization to a whole new level when an entire folder would have been neatly packaged as one file.

      Yes, we have the equivalent now... but its something I sure could have used back then.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by tangomargarine on Tuesday April 10 2018, @04:26PM

      by tangomargarine (667) on Tuesday April 10 2018, @04:26PM (#665010)

      Nice try, but Bzip2 is BSD-licensed. Obviously RMS would advocate the use of gzip, which is GPL...and, y'know, part of that whole GNU project that is sort of his life's work.

      Hand in your nerd card on the way out.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"