Microsoft Patching 17-year-old Windows/DOS Bug

Last month we reported that Tavis Ormandy, a security researcher at Google, discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernel and possibly install malware.

The flaw spans versions of the Windows operating system released over the last 17 years, including:

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

According to the BBC, Microsoft will be rolling out a fix to this bug in a February Security Update. The update will fix five vulnerabilities that allow attackers to hijack a Windows PC and run their own programs on it.

The patch is expected to hit on Tuesday, February 9, but it's a good idea to have automatic updates turned on so that your OS will do the checking for you.

Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
  • fafner
    Yay, 4 more days for hackers to have fun with it.
  • pink315
    Time to boot up my Windows 3.1 System for updates
  • idisarmu
    kernal???

    Use spell check please.
  • N.Broekhuijsen
    oh but I thought windows 7 was entirely rewritten from scratch......

    sons of b***es been lying to us AGAIN!!!
  • N.Broekhuijsen
    I don't mean to be crude but that's just how I feel now. I feel cheated on by MICROSOFT.

    then again, I'm sure we all do :P
  • Ehsan w
    yay
    they finally fixed it.
  • Hellbound
    Better late than never I guess....
  • davendork
    MSFT is rocking the code reuse. OOP is FTL?
  • Shadow703793
    Hmm... you mention Server 2008 but not Server 2008 R2 but yet you mention Vista and Win 7?

    ========
    One more thing: This ONLY affects 32 bit Windows Versions!
    See: http://www.microsoft.com/technet/security/advisory/979682.mspx
    =======
    Affected Software

    Microsoft Windows 2000 Service Pack 4

    Windows XP Service Pack 2 and Windows XP Service Pack 3

    Windows Server 2003 Service Pack 2

    Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

    Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*

    Windows 7 for 32-bit Systems

    Non-Affected Software

    Windows XP Professional x64 Edition Service Pack 2

    Windows Server 2003 x64 Edition Service Pack 2

    Windows Server 2003 with SP2 for Itanium-based Systems

    Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

    Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

    Windows 7 for x64-based Systems

    Windows Server 2008 R2 for x64-based Systems

    Windows Server 2008 R2 for Itanium-based Systems
  • Get rid of Windows, use Linux :-)