Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

The Security Bug That Made Microsoft Discontinue Windows Journal

$
0
0

A security bug discovered by Fortinet is one of the reasons why Microsoft decided to retire the aging Journal application and remove it from all windows versionsthis past August.

Microsoft made the move with the release of KB3161102 , a Windows security update that uninstalled the Journal application from all versions of Windows versions through Windows 10 version 1511.

Windows Journal launched with the Windows XP Tablet PC Edition and was an ancient note-taking application that predated the more successful OneNote.

Microsoft never bothered to upgrade the application, and the only updates it received were all security related. In the past two years, for such a niche application, Windows Journal received a whopping six security updates: KB2975689 (MS14-038 in July 2014), KB3046002 (MS15-045 in May 2015), KB3069114 (MS15-098 in September 2015), KB3100213 (MS15-114 in November 2015), KB3115858 (MS16-013 in February 2016), and KB3156761 (MS16-056 in May 2016).

Heap overflow bug was the last straw

One of the latest bugs discovered in Windows Journal was an issue uncovered by Fortinet security researcher Honggang Ren.

Fortinet says the vulnerability was a memory heap overflow that allowed attackers to write code in other portions of the user's PC memory because of improper code execution bounds checking.

This issue could be exploited via a malicious JTP file, the Windows Journal proprietary file format. This was the straw that broke the camel's back for Microsoft, who issued the following statement when it announced Journal's demise.

The file format that's used by Windows Journal (Journal Note File, or JNT) has been demonstrated to be susceptible to many security exploits. Therefore, Windows Journal will be removed from all versions of Microsoft Windows soon.

There's nobody to blame for Journal's sorry state except Microsoft, who launched the pen-driven note-taking app but failed to maintain it over the years, leaving it in ruins in a dark corner of its Windows OS.

Users can still download a version of the Journal app separately and install it, but it would be safer if they used OneNote instead.


Viewing all articles
Browse latest Browse all 12749

Trending Articles