Windows debugger is, er, buggy

http://www.theregus.com/content/55/25023.html

By John Leyden
Posted: 05/23/2002 at 06:50 EST

Microsoft has admitted that its Windows debugging facility is itself subject to a security bug.

In an advisory issued yesterday, Microsoft admitted the authentication mechanism for the debugging facility is flawed in a way that allows unauthorised programs to gain access to the debugger.

The upshot of this is, providing an attacker can log-in to a target machine - and that's a big if - a cracker can screw your Windows box six ways to Sunday.

If they obtain access either directly to a console or through a terminal session, crackers might be able to run code of their choice. Microsoft suggests a few possibilities might include "deleting data, adding accounts with administrative access, or reconfiguring the system" (isn't all this built into XP anyway? - Ed).

No surprise then that Microsoft describes a patch it has issued to fix the flaw as of "critical" importance for client systems. You can find more information on the problem, and links to the patch here : http://www.microsoft.com/technet/security/bulletin/MS02-024.asp .

TechNote
The Windows debugging facility "provides a means for programs to perform diagnostic and analytic functions on applications as they are running on the operating system," Microsoft explains.

"One of these capabilities allows for a program, usually a debugger, to connect to any running program, and to take control of it. The program can then issue commands to the controlled program, including the ability to start other programs."

 

Weird! - why on Earth would Microsoft need a debugger?