Office: Microsoft lost access to source code?

Microsoft Office: The way Microsoft writes security patches has led many software security experts to believe that the company may have lost the source code for one of the Office components.

Experts came to that conclusion this week when Microsoft patched a security vulnerability tracked as CVE-2017-11882 that affects EQNEDT32.EXE, the equation editor included in the Microsoft Office suite since 2007.

Although Microsoft replaced the EQNEDT32.EXE component with a new one in 2007, the older file is still included in all Office installations so that users of the application can load and edit equations created with the old component.

Researchers from the security company Embedi discovered a flaw in this component during the summer. The bug allowed silent attacks, without user interaction, on all versions of Microsoft Office and Windows released in the last 17 years.

While most security experts examined the Embedi report (20 PDF pages) for details on the bug, one company looked at how Microsoft fixed it in Office.

Experts from 0patch - who manage a platform for direct distribution, application and removal of binary patches - noticed that the patched EQNEDT32.EXE file was almost identical to the old one.

"Have you ever encountered a C/C++ compiler that put all the functions in an executable 500+ KB file at the exact same module address after compiling a modified source code, especially when these modifications resized the code into different functions?" experts ask.

When developers modify the source code and compile a new binary file, the compiler modifies the memory addresses of the functions when the binary code is written. This creates a slightly different binary each time.

The only way the new EQNEDT32.EXE could have remained similar to the previous version would have been if Microsoft engineers had edited it manually.

A company like Microsoft, which has strong and sophisticated software and security development practices, would never consider manual binary patching acceptable. The only way this could happen is if Microsoft has lost the source code of an Office component.

Embedi researchers pointed out that the age of the component is what made them look for bugs.

"The exe was created on 11/9/2000", says the Embedi team.

"Without further ado, it was used in all versions of Microsoft Office. The item appears to have been developed by Design Science Inc. However, later the rights were bought by Microsoft."

The fact that a component that has shipped with Office for the last 17 years has received only one update is quite strange.

Manually editing executables to change the behavior of a binary is considered low-level hacking, which usually causes more problems than it solves. Developers who engage in such tactics usually risk breaking the entire binary. But according to 0patch, fixing EQNEDT32.EXE was a work in progress.

The CVE-2017-11882 vulnerability occurred because EQNEDT32.EXE allocated a fixed amount of memory and loaded a font name into it. If the font name was too long, it could overflow that memory, which would allow attackers to execute code.

Microsoft then optimized other functions, and because the code changes made some functions smaller, the company added padding so that the positions of other nearby functions were not disturbed.

These efforts to avoid breaking the EQNEDT32.EXE binary are time-consuming, and no skilled programmer would have gone about it this way if they still had access to the source code.

In addition, Microsoft also modified the code version number manually.

All evidence suggests that Microsoft has lost access to the EQNEDT32.EXE source code.
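The layout argument above (functions staying at the same addresses, with padding where a function shrank) can be checked mechanically by comparing two builds. The following Python example is added here and is not code from 0patch, Embedi or Microsoft; the byte strings, signatures and helper names are constructed, and the rebuild is modelled simply as the shorter function being packed without padding.

```python
# Added illustration: all bytes below are constructed, not taken from EQNEDT32.EXE.

def changed_runs(old: bytes, new: bytes, merge_gap: int = 4):
    """Half-open (start, end) ranges where bytes at the same offset differ.
    Runs separated by fewer than merge_gap identical bytes are merged."""
    runs = []
    for off in range(min(len(old), len(new))):
        if old[off] == new[off]:
            continue
        if runs and off - runs[-1][1] < merge_gap:
            runs[-1][1] = off + 1
        else:
            runs.append([off, off + 1])
    return [tuple(r) for r in runs]

def moved_functions(old: bytes, new: bytes, signatures: dict):
    """Names of functions whose byte signature sits at a different offset
    (or is missing) in the new image."""
    return sorted(name for name, sig in signatures.items()
                  if old.find(sig) != new.find(sig))

def looks_patched_in_place(old: bytes, new: bytes, signatures: dict) -> bool:
    """Same file size, at least one changed run, and no untouched function moved."""
    return (len(old) == len(new)
            and bool(changed_runs(old, new))
            and not moved_functions(old, new, signatures))

# Three constructed "functions"; F2 is the one that receives the fix.
F1 = bytes(range(0x10, 0x30))        # 32 bytes
F2_OLD = bytes(range(0x40, 0x70))    # 48 bytes
F2_NEW = bytes(range(0x80, 0xA0))    # 32 bytes: the fixed version is shorter
F3 = bytes(range(0xB0, 0xD0))        # 32 bytes
SIGNATURES = {"f1": F1, "f3": F3}    # functions the fix did not touch

ORIGINAL = F1 + F2_OLD + F3
# Binary patch: the shorter F2 is padded back to its old length, so F3 stays put.
HAND_PATCHED = F1 + F2_NEW + b"\x90" * (len(F2_OLD) - len(F2_NEW)) + F3
# Rebuild from source (simplified): nothing pads F2, so everything after it shifts.
REBUILT = F1 + F2_NEW + F3

if __name__ == "__main__":
    for label, image in (("hand-patched", HAND_PATCHED), ("rebuilt", REBUILT)):
        print(label, changed_runs(ORIGINAL, image),
              moved_functions(ORIGINAL, image, SIGNATURES),
              looks_patched_in_place(ORIGINAL, image, SIGNATURES))
```

On real binaries the signatures would come from a disassembler or a binary-diffing tool rather than hand-written byte strings.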

"Keeping a software product in its binary form instead of rebuilding it from the modified source code is difficult. We can think about why Microsoft used the binary correction approach, but it seems to have done a very good job," the team said.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
