Microsoft Patching 17-year-old Windows/DOS Bug

Last month we reported that Tavis Ormandy, a security researcher at Google, discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernel and possibly install malware.

The flaw spanned iterations of Windows operating system over the last 17 years, including:

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

According to the BBC, Microsoft will be rolling out a fix to this bug in a February Security Update. The update will fix five vulnerabilities that allow attackers to hijack a Windows PC and run their own programs on it.

The patch is expected to hit on Tuesday, February 9 but it's a good idea to have automatic updates turned on so that your OS will do the checking for you.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
49 comments
Comment from the forums
    Your comment
    Top Comments
  • pink315
    Time to boot up my Windows 3.1 System for updates
    35
  • fafner
    Yay, 4 more days for hackers to have fun with it.
    21
  • Shadow703793
    Hmm... you mention Server 2008 but not Server 2008 R2 but yet you mention Vista and Win 7?

    ========

    One more thing: This ONLY affects 32 bit Windows Versions!
    See: http://www.microsoft.com/technet/security/advisory/979682.mspx

    =======
    Affected Software

    Microsoft Windows 2000 Service Pack 4

    Windows XP Service Pack 2 and Windows XP Service Pack 3

    Windows Server 2003 Service Pack 2

    Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

    Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*

    Windows 7 for 32-bit Systems
    Non-Affected Software

    Windows XP Professional x64 Edition Service Pack 2

    Windows Server 2003 x64 Edition Service Pack 2

    Windows Server 2003 with SP2 for Itanium-based Systems

    Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

    Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

    Windows 7 for x64-based Systems

    Windows Server 2008 R2 for x64-based Systems

    Windows Server 2008 R2 for Itanium-based Systems
    21
  • Other Comments
  • fafner
    Yay, 4 more days for hackers to have fun with it.
    21
  • pink315
    Time to boot up my Windows 3.1 System for updates
    35
  • idisarmu
    kernal???

    Use spell check please.
    0