Sign in with
Sign up | Sign in

17-year-old Windows Flaw Affects All Since NT

By - Source: Tom's Hardware US | B 58 comments

Windows Virtual DOS Machine bug from 17 years ago affects Windows 7 users today.

We often hear of Windows security bugs that plague a recent version of the operating system that many are still using today, but rarely do we hear of a bug that reaches all the way back – 17 years – to Windows NT.

Tavis Ormandy, a security researcher at Google, discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernal and possibly install malware.

Given that all modern versions of Windows still feature the Virtual DOS Machine, this is a vulnerability that still exists today.

Ormandy wrote:

"All 32bit x86 versions of Windows NT released since 27-Jul-1993 are believed to be affected, including but not limited to the following actively supported versions:

    - Windows 2000

    - Windows XP

    - Windows Server 2003

    - Windows Vista

    - Windows Server 2008

    - Windows 7"

Microsoft has yet to respond to the flaw, and until it does with a patch, Ormandy recommends the following as a way to mitigate the hole:

"Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning, as without a process with VdmAllowed, it is not possible to access NtVdmControl() (without SeTcbPrivilege, of course).

"The policy template "Windows Components\Application Compatibility\Prevent  access to 16-bit applications" may be used within the group policy editor to prevent unprivileged users from executing 16-bit applications. I'm informed this is an officially supported machine configuration."

Display 58 Comments.
This thread is closed for comments
Top Comments
  • 28 Hide
    Jerky_san , January 20, 2010 4:08 PM
    I thought vista and win 7 were totally re-wrote? Suppose they couldn't rewrite everything.. Luckily it seems to only effect 32bit =)
  • 27 Hide
    warezme , January 20, 2010 4:11 PM
    people still run 32bit? ;>
  • 21 Hide
    Bolbi , January 20, 2010 4:22 PM
    Glad I completed the switch to x64 (just a few eeks ago, though).
Other Comments
  • 28 Hide
    Jerky_san , January 20, 2010 4:08 PM
    I thought vista and win 7 were totally re-wrote? Suppose they couldn't rewrite everything.. Luckily it seems to only effect 32bit =)
  • 4 Hide
    Parrdacc , January 20, 2010 4:09 PM
    WHAT!? You gotta be kidding me! Seriously! Wow!
  • 27 Hide
    warezme , January 20, 2010 4:11 PM
    people still run 32bit? ;>
  • 13 Hide
    bitterman0 , January 20, 2010 4:21 PM
    It is, naturally, not a bug but a feature preserved for backward compatibility reasons, like bugs in INT 21 functions since early DOS versions.
  • 21 Hide
    Bolbi , January 20, 2010 4:22 PM
    Glad I completed the switch to x64 (just a few eeks ago, though).
  • 8 Hide
    Bolbi , January 20, 2010 4:24 PM
    Sorry for the double post; seems like that's been happening to a few people recently!?
  • 0 Hide
    JD13 , January 20, 2010 4:24 PM
    Can Bill Gates still write code? This may need his personal touch.....
    It has nothing to do with 32 vs 64 bit , but more so with MS-DOS compatibility. Disable DOS & you're fine.
  • 0 Hide
    david714 , January 20, 2010 4:24 PM
    Big deal... "Possibly install malware", just how real is this bug? MSFT will have it fixed in a week and it will all be forgotten.
  • 5 Hide
    back_by_demand , January 20, 2010 4:32 PM
    So doesn't affect 64 bit or those who have DOS disabled?

    I'm quaking in my boots...
  • 5 Hide
    uh_no , January 20, 2010 4:36 PM
    ah....could have guessed this piece of genius was a yam production
  • 12 Hide
    techguy378 , January 20, 2010 4:57 PM
    32-bit Windows 7 doesn't seem to support DOS software anyways. If I try to run the old DOS-based Scorched Earth game Windows 7 gives me an error stating it couldn't load the application. If I use the DOS Box emulator under Windows 7 then Scorched Earth runs fine.
  • -4 Hide
    Caffeinecarl , January 20, 2010 4:57 PM
    Windows 7"

    Hahaha... What's with the inches sign? Who else noticed that?
  • -8 Hide
    tommysch , January 20, 2010 4:57 PM
    LOL at people who still run 32-bit machines.
  • 2 Hide
    Anonymous , January 20, 2010 5:06 PM
    7" - windows envy?
    32-bit windows users = only about 99% of all windows users
  • -9 Hide
    Tomtompiper , January 20, 2010 5:07 PM
    Security issue? Malware? what are these? How do I protect my PCLinuxOS system from them? Hold on I'll check.

    The tech guy said do nothing, maybe open another beer if you feel like it: P
    If Carlsberg made operating systems......
  • 3 Hide
    HolyCrusader , January 20, 2010 5:08 PM
    This is interesting to know. Presumably, this would not affect XP64, Vista64, nor Win7x64, since none of those operating systems have any support for 16-bit applications (to the best of my knowledge).

    My critical systems have been running 64-bit Operating systems for quite some time now, but my older, lower-end systems still use 32-bit XP.
  • 13 Hide
    noodlegts , January 20, 2010 5:11 PM
    Windows 7 was the last thing he said in the quote, so it was Windows 7 (end quote).

    Get it?
  • 2 Hide
    guythepro , January 20, 2010 5:21 PM
    Jerky_sanI thought vista and win 7 were totally re-wrote? Suppose they couldn't rewrite everything.. Luckily it seems to only effect 32bit =)


    Most real software is never totally re-written (sans Mozilla). When you develop a new codebase you have to deal with many more times the bugs than if you had simply modified an existing one. Code that is constantly maintained typically gets better over time.
  • -1 Hide
    Vestin , January 20, 2010 5:21 PM
    noodlegtsWindows 7 was the last thing he said in the quote, so it was Windows 7 (end quote).Get it?

    "Windows 7 Inches" sounds fine too...
Display more comments