Serious flaw discovered in Windows Vista's Explorer

By null_
in Back Page News

 Share

Recommended Posts

Grand Master

null_

Posted
Posted (edited)

For anyone who is interested, here are the reproduction steps:

  1. Click on Start, and then click on Documents.
  2. In the Search entry box, type "NOT Shortcut" (without the quotes).
  3. Click on the "Save Search" button and save the search query as "Search Test".

I've removed the rest of the post due to the un-necessary amount of spam that I have received in the past 24 hours.

Edited by iCeFuSiOn
Experienced

7Dash8

Posted
Posted

Very close to being blogspam. This is a serious flaw? Worst case scenario is the explorer process crashes and restarts without even restarting the OS. It may have taken down XP, but Vista just restarts the process and it's fine. Should MS fix it...of course. Is it a major flaw that's going to have any real impact, no. MS can fix it easily with a patch. Nice try to fabricate an issue out of nothing though. In fact demonstrates how Vista is much more robust against these sort of glitches than XP ever was.

Grand Master

null_

Posted
  • Author
Posted
Uhh... so you're searching for something that is NOT a shortcut? ie: pretty much everything? What do you expect to happen? :laugh:

If you're trying to search for documents only and the explorer brings back a list of shortcuts as well, NOT Shortcut will hide them. What it ISN'T supposed to do is crash the shell. This was bugged for SP1 and was marked as "won't fix".

Grand Master

magik

Posted
Posted
If you're trying to search for documents only and the explorer brings back a list of shortcuts as well, NOT Shortcut will hide them. What it ISN'T supposed to do is crash the shell. This was bugged for SP1 and was marked as "won't fix".

Right, but usually you have something like "<some doc title> NOT Shortcut" and that doesn't crash, in fact it works exactly as expected. But placing just "NOT Shortcut" without any other filter does crash it instantly. So, yea, it crashes if that is your intention, but really this isn't much of an issue. Although it should probably be fixed, it's really not a big deal. Either way, I'm sure a patch will be released eventually. Probably after SP1, though.

Grand Master

BajiRav

Posted
Posted

I won't call this a serious but probably an unfortunate bug. Vista has other issues that are more important that this. Such as slow copying speeds and folder view thingy.

If you're trying to search for documents only and the explorer brings back a list of shortcuts as well, NOT Shortcut will hide them. What it ISN'T supposed to do is crash the shell. This was bugged for SP1 and was marked as "won't fix".

can use kind:document ? or just remove appdata folder from your index locations...that is what I do.

Grand Master

spenser.d

Posted
Posted

:rofl:

And to think I actually expected to read about a serious flaw...

Good grief, even in XP bringing back a crashed explorer is as easy as bringing up the task manager and doing a File >> Run explorer.exe

Apparently Vista does that all for you. Hardly anything to bash Vista for.

Not to mention that nobody out there even searches for "NOT Shortcut" by itself (given by the fact that it took over a year to even find this flaw...)

-Spenser

Grand Master

Smigit

Posted
Posted
Why are we the source?

heh. we say they are the sourc they say it's us. A nice vicious cycle of sourcing.

Anyway it doesn't seem overly serious but it definitely should be fixed. I doubt it will kill anyone but it's blemishes like this that day in day out tarnish Vista's image. It's not the most pressing issue by all means, but still should be looked at.

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
We can only curse at things like this because WinFS would have certainly avoided such problems.

*sigh*

:ike:

Go look up WinFS and come back and give us a report on it. WinFS is not what you think it is. ;)

Why are we the source?

He changed it. Here's the original link: http://www.windows-now.com/blogs/kmkenney/...plorer-bug.aspx

As I said... This post is total flame bait and some people have already bitten the hook. ;)

Grand Master

mad_onion

Posted
Posted

wow the thread title and original post really tries to make this sound like a big deal. unfortunately for them it really isn't i'm sure it will be fixed but i wonder how many times people actually search for NOT shortcut. and anyway explorer restarts quickly really not much of a problem. if this is a seriuos flaw i would like to see how the author would describe all the problems that device drivers are causing in vista.

Neowinian

anthonyspt

Posted
Posted
At a time where everyone is anxiously awaiting the upcoming service pack for Windows Vista (and while others flock back to Windows XP in droves), yet another flaw in the Windows Vista operating system has been discovered that can bring the Windows shell ("Windows Explorer") to its knees within 20 seconds. Even worse, this issue occurs under every day usage of the operating system if you use the Search function regularly with boolean search operators.

  1. Click on Start, and then click on Documents.
  2. In the Search entry box, type "NOT Shortcut" (without the quotes).
  3. Click on the "Save Search" button and save the search query as "Search Test".

This has been confirmed as a flaw in Windows Vista (all editions) and Windows Vista 64-bit (all editions), and even worse, the issue still occurs on the latest release candidate for Service Pack 1, and has been marked as "will not be fixed". The bigger question is, will Microsoft step up to the plate and fix this issue or will they let it pass on by while they work heavily on Windows "7", ignoring the fact that Windows Vista still has flaws and inconsistancies that are seeing larger companies hold back deployment until 2009 or even skip Vista?

Source of instructions to reproduce issue: ActiveWin.com

So from this we can learn a few things.

1) Vista must be in better shape and more on track and stable than the anti-Vista zealots would like for people to believe if it has taken a year for something like this to be classified as a serious flaw. For people that can think for themselves, this is the best pro-Vista post in history...

2) The person that found this flaw is a bit scary to expect this to be a valid search, especially so important to save it as a Search Folder. But hey, everyone to their own thing, so I'm over the scary part.

3) The person that posted this thinks MS is heavily working on Windows 7. Well it is true MS's NT cycle always starts at the end of a product release, so we can assume they are working on Windows 7. However, it is time for the idiots that keep running around thinking MinWin is Windows 7 or any different than the 'tight' kernel that is already in Vista and all previous versions of NT to wake up and watch the presentation or talk to someone at Microsoft for an accurate source on the subject. Windows 7 is not very active yet, and its kernel technology is the same as Vista, and it is scary that after 15 years of NT, people don't yet realize that the NT kernel is in fact very tight and small when you remove the API interface layers. (NT is a light API interface hybrid kernel technology) - This is why MinWin was a basic recompile of Vista kernel with the external APIs turned off, PERIOD.

4) Let's hope the person that found this fatal flaw doesn't do a nested search in a search that is recursive. They will really be mad at Windows then... Which points out another good thing about this bug, instead of dragging the system to a grind in an endless loop, or even choking, Vista just restarts Explorer and goes on its way. PS It will only restart the 'Folder Window' and not fully restart Explorer if you have "Launch folder windows in a separate process" (PS Which is handy to turn on)

Now for the unknown:

There is already an easy fix for this, pick a different freaking syntax, Vista has the most diverse search engine in OS history, with the most extensive set of search options including natural language and strict syntax as the user chooses.

Here is the 'fix' or way to perform the search effortlessly without killing Explorer if you really want to do this search:

NOT (ext:lnk OR ext:url)

-This also excludes Internet shortcuts, and is more accurate as you don't get folders in the mix of results.

NOT ext:lnk

-This is if you only want to exclude plain shortcuts and not Internet shortcuts, and again works better as it doesn't mix folders in the results.

You could also do:

-(ext:lnk OR ext:url)

or

-ext:lnk

Get the idea here? There are numerous ways to get the same results that don't involve killing Explorer

Now with that MAJOR flaw out of the way, this would be a good time to remind people that the search features in Vista are pretty powerful in doing more than just searching for items.

Look up a tool called Start++ from brandontools.com - (it is handy) and from it you can get an idea of how powerful the searching system is and how it can be extended in basic shell and commandline usage even. (Most people don't realize you can get search results in a CMD prompt, or from within their applications.)

Also for people doing more than causal searches, take a minute and read some up on some of the syntax options Vista offers and see why it makes Leopard and even Google Desktop Search look like toys.

This is a good reference page to begin with for the basics of advanced searching in Vista:

http://search.msn.com/docs/toolbar.aspx?t=...earchSyntax.htm

Grand Master

+M2Ys4U Subscriber¹

Posted
  • Subscriber¹
Posted
So from this we can learn a few things.

1) Vista must be in better shape and more on track and stable than the anti-Vista zealots would like for people to believe if it has taken a year for something like this to be classified as a serious flaw. For people that can think for themselves, this is the best pro-Vista post in history...

2) The person that found this flaw is a bit scary to expect this to be a valid search, especially so important to save it as a Search Folder. But hey, everyone to their own thing, so I'm over the scary part.

3) The person that posted this thinks MS is heavily working on Windows 7. Well it is true MS's NT cycle always starts at the end of a product release, so we can assume they are working on Windows 7. However, it is time for the idiots that keep running around thinking MinWin is Windows 7 or any different than the 'tight' kernel that is already in Vista and all previous versions of NT to wake up and watch the presentation or talk to someone at Microsoft for an accurate source on the subject. Windows 7 is not very active yet, and its kernel technology is the same as Vista, and it is scary that after 15 years of NT, people don't yet realize that the NT kernel is in fact very tight and small when you remove the API interface layers. (NT is a light API interface hybrid kernel technology) - This is why MinWin was a basic recompile of Vista kernel with the external APIs turned off, PERIOD.

4) Let's hope the person that found this fatal flaw doesn't do a nested search in a search that is recursive. They will really be mad at Windows then... Which points out another good thing about this bug, instead of dragging the system to a grind in an endless loop, or even choking, Vista just restarts Explorer and goes on its way. PS It will only restart the 'Folder Window' and not fully restart Explorer if you have "Launch folder windows in a separate process" (PS Which is handy to turn on)

Now for the unknown:

There is already an easy fix for this, pick a different freaking syntax, Vista has the most diverse search engine in OS history, with the most extensive set of search options including natural language and strict syntax as the user chooses.

Here is the 'fix' or way to perform the search effortlessly without killing Explorer if you really want to do this search:

NOT (ext:lnk OR ext:url)

-This also excludes Internet shortcuts, and is more accurate as you don't get folders in the mix of results.

NOT ext:lnk

-This is if you only want to exclude plain shortcuts and not Internet shortcuts, and again works better as it doesn't mix folders in the results.

You could also do:

-(ext:lnk OR ext:url)

or

-ext:lnk

Get the idea here? There are numerous ways to get the same results that don't involve killing Explorer

Now with that MAJOR flaw out of the way, this would be a good time to remind people that the search features in Vista are pretty powerful in doing more than just searching for items.

Look up a tool called Start++ from brandontools.com - (it is handy) and from it you can get an idea of how powerful the searching system is and how it can be extended in basic shell and commandline usage even. (Most people don't realize you can get search results in a CMD prompt, or from within their applications.)

Also for people doing more than causal searches, take a minute and read some up on some of the syntax options Vista offers and see why it makes Leopard and even Google Desktop Search look like toys.

This is a good reference page to begin with for the basics of advanced searching in Vista:

http://search.msn.com/docs/toolbar.aspx?t=...earchSyntax.htm

Actually, about the MinWin thing, the Core effort (which is the sliced off APIs) used to be called MinWin, but there's another effort to remake the kernel called MinWin and that does involve changing the kernel architecture.

The current slimmed-down kernel need the entire source tree to be built to build the kernel, because even though it doesn't call the APIs above, they're still needed to complete dependencies.

The new MinWin will enable the kernel to be built alone, or parts of the system, which helps in the layering, upkeep and testing of the OS.

Other than that, very informative post :)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Windows 10 quietly gets one more year of support and updates

      By TarasBuria · Posted

      Windows 10 quietly gets one more year of support and updates by Taras Buria Windows 10 reached its end of life at the end of 2025. Microsoft kicked off the Extended Security Updates program, aimed at giving regular consumers one more year of security-only updates. By doing so, Microsoft gave users more time and money to update their computers to a newer operating system or compatible hardware. Now, with the end of the Extended Security Updates program quickly approaching, Microsoft is making an important adjustment. Users discovered that the official support article for the program now lists a new end-of-support date: The Extended Security Updates program is not a new concept. It has been an official way for business consumers to continue receiving critical updates for unsupported Microsoft products for many years. However, all this time, it was a business-only, paid feature. With Windows 10, Microsoft brought ESU to regular consumers, allowing them to get security updates for Windows 10 past October 2025 essentially for free. When Windows 10 was approaching the end of support, many guessed that Microsoft might adjust its support timelines, and this is exactly what seems to be happening. Of course, Microsoft would love everyone to switch to new computers, such as its latest Surface devices, but in the days of ever-growing hardware prices, not everyone is lucky enough to have money for a new PC. Leaving hundreds of millions of customers with a Windows version that no longer receives security updates is a major risk that Microsoft is not willing to take. If you have a Windows 10 PC to enroll in the Extended Security Updates program, check out this guide to learn how to do so.
    • Sony announces Bungie layoffs that will affect "significant number of employees"

      By LoneWolfSL · Posted

      Sony announces Bungie layoffs that will affect "significant number of employees" by Pulasthi Ariyasinghe Sony today announced that major layoffs are happening at its first-party studio Bungie, the developer that has spawned series like Halo, Destiny, and Marathon over the past decades. The news arrives just weeks after Bungie delivered the final update to Destiny 2, and it's that team being hit with the layoffs the most. CEO of Sony Interactive Entertainment Hermen Hulst revealed the staff reduction today, calling it "painful news." "Over the past several months, together with Bungie leadership, we reviewed the studio’s long-term direction, development priorities, resource needs, and role within our broader portfolio strategy," said Hulst, explaining the decision. "We explored multiple alternatives before concluding that a reduction was necessary to align the studio’s resources with its current priorities and long-term goals." The layoffs will be hitting "a significant number of employees" across most of the Destiny franchise development team. It doesn't look like Sony is planning to continue the series following Destiny 2's sunsetting update. The studio is said to be in early stages of looking at other projects to pivot to, but it's said that keeping the size of the team at current levels is no longer feasible. "We know this decision has a profound impact on the people affected, their families, friends, and teammates," said Bungie leadership in a separate message on social media. "While these changes are necessary to best position the studio now and for the future, that does not lessen the difficulty of this moment or the impact it has on those affected." At the same time, "some" of the Marathon development team are also affected by the layoffs. The recently released multiplayer-only extraction shooter title hasn't seen a big boom of players either, but the company is reportedly hoping that the live service experience will pick up players with future updates.
    • Microsoft adds reusable skills and finance data connectors to Copilot in Excel

      By Karthik Mudaliar · Posted

      Microsoft adds reusable skills and finance data connectors to Copilot in Excel by Karthik Mudaliar Microsoft is giving Copilot in Excel a collection of new features aimed squarely at finance teams. The update introduces reusable instructions for common tasks, connections to services such as FactSet and Morningstar, and a better way to review what Copilot intends to do before it starts changing a workbook. The most interesting addition is 'Skills' finally coming to Copilot in Excel. Skills let companies teach Copilot how to handle a recurring process, so employees do not need to write the same detailed prompt every month. Users can create skills that can specify the steps Copilot should follow, along with the required layout, formulas, and formatting. Microsoft says users can create their own skills by saving a SKILL.md file in OneDrive. The file is written using Markdown and tells Copilot when and how to perform the task. Once it is available, a user can select the skill in the Copilot pane or mention it in a prompt using the @ symbol. There is also a library of prebuilt finance skills for customers who do not want to create their own. Microsoft plans to let developers distribute additional skills through the Microsoft Marketplace and the Microsoft 365 Admin Center, with LSEG, Ramp, Rogo, samaya.ai, Velixo, and Vena among the first partners involved. The company says that it is also expanding the external data that Copilot can access from inside Excel. New connectors are being added for CB Insights, Daloopa, FactSet, Morningstar, PitchBook, and S&P Global data through technology developed by Kensho. There is a catch, however. Accessing these services may require a separate subscription from the relevant data provider, so a Microsoft 365 Copilot licence will not necessarily unlock all of them. FactSet is also only available in preview for now, with general availability planned for July. Microsoft is also trying to make Copilot’s workbook edits easier to inspect. Users can switch to a planning mode that shows which sheets, cell ranges, formulas, and assumptions Copilot intends to work with before it begins making changes. Once the work is complete, the Show Changes pane can distinguish edits made by Copilot from those made by human collaborators. The update continues Microsoft’s push to turn Excel Copilot from a chatbot into an agent that can carry out longer tasks. The company previously added an Agent Mode capable of planning and completing multi-step Excel work. Microsoft also recently acquired financial AI startup Fintool, another indication that finance is becoming a key target for its Excel AI strategy. Prebuilt skills, personalization, workbook rules, external connectors, planning mode, and Copilot attribution in Show Changes are generally available to Microsoft 365 Copilot customers using Excel on the web, Windows, and macOS. Custom skills are initially available to Microsoft 365 Insiders on Windows and Mac starting today. Microsoft plans to make them generally available across Windows, Mac, and the web over the next month. Partner-built skills are expected during the third quarter of the year. Availability may still differ depending on region and licensing.
    • Rufus alternative Ventoy now supports Windows 11's mandatory update, fixes major boot bug

      By Southern Patriot · Posted

      Exactly. They serve different (although related) purposes.
    • Microsoft Authenticator - Constant Login Approval Requests

      By +Elі · Posted

      Do not enter the code under any circumstances, or you will be sorry. It's definitely and most likely a hacking attempt.  That happened to me a couple of years ago, and I kept receiving those prompts for months. It's simply the attacker trying to get you tired of the constant requests, so you just give up and enter the code, so they can log in to your account. 

  • Recent Achievements

    • First Post
      kinowa earned a badge
      First Post
    • Rookie
      krychek57 went up a rank
      Rookie
    • Grand Master
      Jaybonaut went up a rank
      Grand Master
    • One Year In
      Philsl earned a badge
      One Year In
    • Dedicated
      Scoobystu earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      438
    2. 2
      +Edouard
      169
    3. 3
      PsYcHoKiLLa
      134
    4. 4
      Xenon
      77
    5. 5
      Michael Scrip
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!