Search My Blog

Monday, January 25, 2010

17 Year Old Windows Flaw Found

17-Year-Old Windows Flaw Found

Doug Caverly
Staff Writer

Here's a little something to make people who are interested in security shudder: a vulnerability's been discovered, and believe it or not, it's present in just about every version of Windows from 1993's Windows NT 3.1 on.

17-Year-Old Windows Flaw Found
17-Year-Old Windows Flaw Found

Tavis Ormandy, who works for Google, appears to have discovered the issue sometime towards the middle of last year, and - after giving Microsoft more than a fair amount of time to deal with it (he notified the company in June) - wrote about it yesterday.

Apparently the fault lies with the Virtual DOS Machine, which comes with 32-bit versions of Windows for the sake of supporting 16-bit applications. And the problem amounts to a privilege escalation bug, which isn't the most benign thing in the world.



No comments: