Microsoft recently released an update to patch a security bug which has raised some eyebrows. The latest vulnerability tracked as CVE-2017-11882 that affected EQNEDT32.EXE which was included with the Microsoft Office suite until 2007 made researchers believe that Microsoft might have lost a source code to one of its Office Components.
California based firm Embedi found this bug in the Microsoft system which went unnoticed for 17 years. While the security researchers looked at the way this bug worked, one company noticed something unusual with the way Microsoft fixed it. Security Researchers at 0patch noticed that the patched EQNEDT32.EXE file was almost identical to the old one which made them believe that Microsoft did a manual patch of an EXE file. This raises a big why and is it possible that Microsoft lost the 17 years old source code of the file. A big company like Microsoft won’t take such a step unless they somehow lost the original code and had to manually edit and recompile the binary.
There are six such length checks in two modified functions, and since they don’t seem to be related to fixing CVE-2017-11882, we believe that Microsoft noticed some additional attack vectors that could also cause a buffer overflow and decided to proactively patch them. Maintaining a software product in its binary form instead of rebuilding it from modified source code is hard. We can only speculate as to why Microsoft used the binary patching approach, but being binary patchers ourselves we think they did a stellar job.
– 0patch team
We don’t know for certain if this was fixed the usual way or Microsoft has really lost a piece of Office code written 17 years ago. With the information available, we can only speculate what might have happened. The good news, though, is the fact that Microsoft has fixed a 17-year-old vulnerability which might have been exploited to attack Windows users.
Via: Bleeping Computer