Compilers, Integers and Optimizations

I’ve had a good bit of fun (for some value of fun) with hardening SafeInt against what I consider to be some nasty compiler tricks. The problem is that as soon as the compiler hits something that’s technically undefined by the C++ standard, it’s actually allowed to do anything it wants, short of uploading your…

Bugs and Consequences

I’ve been meaning to write about overzealous compilers, and nice geeky things, but I’m going to use this forum to vent a bit. When I make a bug that messes up a customer, I generally have to fix it. I’m fairly often face to face with the customer, and sometimes all I can do is…

Another technique for Fixing DLL Preloading attacks

Back in February, 2008, I posted on DLL preloading attacks and how to avoid them here. It seems that the problem has recently gotten a lot of attention – currently called “Binary Planting”. You can read more about that at the MSRC blog, the SWI blog, on this ZDNET blog post, an update, and a…

MS10-048 – Getting the Math Right

The Security Research and Defense blog detailed an integer overflow here. The code looks like this:

    case DBT_DEVTYP_PORT:
        pPortW = (PDEV_BROADCAST_PORT_W)lParam;
        if ((1+wcslen(pPortW->dbcp_name))*sizeof(WCHAR) + FIELD_OFFSET(DEV_BROADCAST_PORT_W, dbcp_name) > cbSize)
        {
            MSGERRORCLEANUP(0);
        }
        break;

They then claimed that it would take a wcslen of greater than 2^31 to cause an overflow, but this isn’t true. Let’s take…

Acrobat is Getting a Sandbox

We’ve been helping Adobe to get a sandbox going which is similar to what we used in Office 2010 for Protected View. Their blog post about it is Introducing Adobe Reader Protected Mode. I’m excited that the sandboxing approaches that we’ve pioneered in Office, starting with a sandbox for our search subsystem, the MOICE sandbox,…

DSig Q & A

I’m going to cover the answers to some of the questions that came in after Shelley answered the first round in her post. Q: What will happen if I try to verify a doc signed in 2010 in office 2007/Office 2007? A: I’m assuming that the person asking meant 2007/2003. Office 2007 doesn’t understand…

Office 2010 Digital Signatures and XAdES

Shelley Gu, the program manager for Office signatures, has already posted the PM version of what we’ve done to improve digital signatures in the Office 2010 Engineering blog back in December. Her post is here. While Shelley did a nice job of an overview for the average user, I’d like to dive a bit more…

New “Improved” Site

Hrmph. So they managed to disappear my last post, and now my blog looks really generic. I liked the way it used to look, thankyouverymuch. Then I discovered that while Word on my laptop somehow knew the right password, I didn’t have it written down anywhere. Used to just be easy to reset, but now…

You don’t have to be faster than the bear

Note – this post disappeared during the blog upgrade, recovered due to search cache. Just got done reading Michal Zalewski’s really interesting post on the Zero Day blog, found here. His premise, which I don’t debate, is that we’ve done a lousy job of defining software security on a scholarly basis. He goes on to…

Don’t Use Office RC4 Encryption. Really. Just don’t do it.

Yesterday, a BlackHat Europe presentation on Office 2003 encryption was brought to my attention. Seems that Eric Filiol has done quite a bit of work to recover RC4 encrypted Office documents using an issue that was brought to our attention in 2004. Eric’s paper can be found at this link: BlackHat-EU-2010-Filiol-Office-Encryption-wp.pdf. The paper really just…
