Sign in with
Sign up | Sign in

Microsoft Patching 17-year-old Windows/DOS Bug

By - Source: Tom's Hardware US | B 49 comments

A patch is on the way to fix up that ancient Virtual DOS Machine flaw.

Last month we reported that Tavis Ormandy, a security researcher at Google, discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernel and possibly install malware.

The flaw spanned iterations of Windows operating system over the last 17 years, including:

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

According to the BBC, Microsoft will be rolling out a fix to this bug in a February Security Update. The update will fix five vulnerabilities that allow attackers to hijack a Windows PC and run their own programs on it.

The patch is expected to hit on Tuesday, February 9 but it's a good idea to have automatic updates turned on so that your OS will do the checking for you.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 34 Hide
    pink315 , February 5, 2010 7:21 PM
    Time to boot up my Windows 3.1 System for updates
  • 21 Hide
    Shadow703793 , February 5, 2010 7:43 PM
    Hmm... you mention Server 2008 but not Server 2008 R2 but yet you mention Vista and Win 7?

    ========

    One more thing: This ONLY affects 32 bit Windows Versions!
    See: http://www.microsoft.com/technet/security/advisory/979682.mspx

    =======
    Affected Software

    Microsoft Windows 2000 Service Pack 4

    Windows XP Service Pack 2 and Windows XP Service Pack 3

    Windows Server 2003 Service Pack 2

    Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

    Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*

    Windows 7 for 32-bit Systems
    Non-Affected Software

    Windows XP Professional x64 Edition Service Pack 2

    Windows Server 2003 x64 Edition Service Pack 2

    Windows Server 2003 with SP2 for Itanium-based Systems

    Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

    Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

    Windows 7 for x64-based Systems

    Windows Server 2008 R2 for x64-based Systems

    Windows Server 2008 R2 for Itanium-based Systems
  • 20 Hide
    fafner , February 5, 2010 7:20 PM
    Yay, 4 more days for hackers to have fun with it.
Other Comments
    Display all 49 comments.
  • 20 Hide
    fafner , February 5, 2010 7:20 PM
    Yay, 4 more days for hackers to have fun with it.
  • 34 Hide
    pink315 , February 5, 2010 7:21 PM
    Time to boot up my Windows 3.1 System for updates
  • 0 Hide
    idisarmu , February 5, 2010 7:23 PM
    kernal???

    Use spell check please.
  • 3 Hide
    Ehsan w , February 5, 2010 7:38 PM
    yay
    they finally fixed it.
  • 18 Hide
    Hellbound , February 5, 2010 7:38 PM
    Better late then never I guess....
  • 0 Hide
    davendork , February 5, 2010 7:38 PM
    MSFT is rocking the code reuse. OOP is FTL?
  • 21 Hide
    Shadow703793 , February 5, 2010 7:43 PM
    Hmm... you mention Server 2008 but not Server 2008 R2 but yet you mention Vista and Win 7?

    ========

    One more thing: This ONLY affects 32 bit Windows Versions!
    See: http://www.microsoft.com/technet/security/advisory/979682.mspx

    =======
    Affected Software

    Microsoft Windows 2000 Service Pack 4

    Windows XP Service Pack 2 and Windows XP Service Pack 3

    Windows Server 2003 Service Pack 2

    Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

    Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*

    Windows 7 for 32-bit Systems
    Non-Affected Software

    Windows XP Professional x64 Edition Service Pack 2

    Windows Server 2003 x64 Edition Service Pack 2

    Windows Server 2003 with SP2 for Itanium-based Systems

    Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

    Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

    Windows 7 for x64-based Systems

    Windows Server 2008 R2 for x64-based Systems

    Windows Server 2008 R2 for Itanium-based Systems
  • 6 Hide
    warmon6 , February 5, 2010 7:58 PM
    xbeateroh but I though windows 7 was entirely rewritten from scratch......sons of b***es been lying to us AGAIN!!!


    Some how i dont think they lie. In fact they never mentioned it was rewritten.

    it certainly improved coding from windows vista but not rewritten.
  • 3 Hide
    warmon6 , February 5, 2010 7:59 PM
    Shadow703793Hmm... you mention Server 2008 but not Server 2008 R2 but yet you mention Vista and Win 7?========One more thing: This ONLY affects 32 bit Windows Versions!See: http://www.microsoft.com/technet/s [...] 79682.mspx=======Affected SoftwareMicrosoft Windows 2000 Service Pack 4Windows XP Service Pack 2 and Windows XP Service Pack 3Windows Server 2003 Service Pack 2Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*Windows 7 for 32-bit SystemsNon-Affected SoftwareWindows XP Professional x64 Edition Service Pack 2Windows Server 2003 x64 Edition Service Pack 2Windows Server 2003 with SP2 for Itanium-based SystemsWindows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2Windows 7 for x64-based SystemsWindows Server 2008 R2 for x64-based SystemsWindows Server 2008 R2 for Itanium-based Systems


    +1 nice find shadow.
  • -9 Hide
    Yuka , February 5, 2010 8:00 PM
    Good thing X-Box'es are written from scratch.

    ...

    Oh wait...

    Cheers! xD!
  • 4 Hide
    dwave , February 5, 2010 8:03 PM
    Good job getting that fixed in a timely fashion!
  • 2 Hide
    hakesterman , February 5, 2010 8:12 PM
    And what are they going to do on your PC? Play Solitaire!

  • 4 Hide
    hakesterman , February 5, 2010 8:19 PM
    Microsoft never stated that Windows 7 was written from scratch, you must of dreamed that. Windows
    7 is a Vista make over. They took vista and deleted all the main complaints and added the top features
    everyone suggested. Any 64 bit driver that was written for Vista will work with 64 bit Win 7, i have downloaded and used 6 Vista drivers for my Windows 7 including but not limited to Printer, and they all
    work perfectly. This is such a small hacker risk that Microsoft didn't feel the need to address it till now, and
    probably the only reason their addressing it is to shut a few people up. Go Windows 7(Vista)...........
  • 7 Hide
    Shadow703793 , February 5, 2010 8:51 PM
    dweaverGet rid of Windows, use Linux :-)

    I would love to, but unfortunately I need Windows to play me games (ie Crysis, Far Cry,etc).
  • -1 Hide
    razor512 , February 5, 2010 8:55 PM

    yep, programming is hard so it is understandable, taking 17 years to patch a security problem, especially when your busy making the OS slower and adding useless eye candy.

    Microsofts response to taking 17 years
    "Do you want it done fast or do you want it done right"
    :) 
  • 3 Hide
    maestintaolius , February 5, 2010 9:13 PM
    pink315Time to boot up my Windows 3.1 System for updates

    heh, +1 good sir.
  • -1 Hide
    fafner , February 5, 2010 10:39 PM
    Quote:
    I would love to, but unfortunately I need Windows to play me games (ie Crysis, Far Cry,etc).



    http://www.youtube.com/watch?v=USni2nTweOE

    Not sure how well it works tho.
Display more comments