17-Year-Old Windows Flaw Found
Doug Caverly, Staff Writer
2010-01-20
Here's a little something to make people who are interested in security shudder: a vulnerability's been discovered, and believe it or not, it's present in just about every version of Windows from 1993's Windows NT 3.1 on.
Tavis Ormandy, who works for Google, appears to have discovered the issue sometime towards the middle of last year, and - after giving Microsoft more than a fair amount of time to deal with it (he notified the company in June) - wrote about it yesterday.
Apparently the fault lies with the Virtual DOS Machine, which comes with 32-bit versions of Windows for the sake of supporting 16-bit applications. And the problem amounts to a privilege escalation bug, which isn't the most benign thing in the world.
Fortunately, 64-bit versions of Windows are gaining market share every day, and Ormandy's recommended precaution for older systems isn't complicated.
Ormandy wrote, "Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning . . . . Applying these configuration changes will temporarily prevent users from accessing legacy 16-bit MS-DOS and Windows 3.1 applications, however, few users require this functionality."
Let's just hope there aren't too many other 17-year-old problems lying around out there.
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.