17-year-old Windows Flaw Affects All Since NT

We often hear of Windows security bugs that plague a recent version of the operating system that many are still using today, but rarely do we hear of a bug that reaches all the way back – 17 years – to Windows NT.

Tavis Ormandy, a security researcher at Google, discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernal and possibly install malware.

Given that all modern versions of Windows still feature the Virtual DOS Machine, this is a vulnerability that still exists today.

Ormandy wrote:

"All 32bit x86 versions of Windows NT released since 27-Jul-1993 are believed to be affected, including but not limited to the following actively supported versions:

    - Windows 2000

    - Windows XP

    - Windows Server 2003

    - Windows Vista

    - Windows Server 2008

    - Windows 7"

Microsoft has yet to respond to the flaw, and until it does with a patch, Ormandy recommends the following as a way to mitigate the hole:

"Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning, as without a process with VdmAllowed, it is not possible to access NtVdmControl() (without SeTcbPrivilege, of course).

"The policy template "Windows Components\Application Compatibility\Prevent  access to 16-bit applications" may be used within the group policy editor to prevent unprivileged users from executing 16-bit applications. I'm informed this is an officially supported machine configuration."

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
58 comments
    Your comment
    Top Comments
  • I thought vista and win 7 were totally re-wrote? Suppose they couldn't rewrite everything.. Luckily it seems to only effect 32bit =)
    28
  • people still run 32bit? ;>
    28
  • Glad I completed the switch to x64 (just a few eeks ago, though).
    21
  • Other Comments
  • I thought vista and win 7 were totally re-wrote? Suppose they couldn't rewrite everything.. Luckily it seems to only effect 32bit =)
    28
  • WHAT!? You gotta be kidding me! Seriously! Wow!
    4
  • people still run 32bit? ;>
    28