17-year-old Windows Flaw Affects All Since NT

We often hear of Windows security bugs that plague a recent version of the operating system that many are still using today, but rarely do we hear of a bug that reaches all the way back – 17 years – to Windows NT.

Tavis Ormandy, a security researcher at Google, discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernal and possibly install malware.

Given that all modern versions of Windows still feature the Virtual DOS Machine, this is a vulnerability that still exists today.

Ormandy wrote:

"All 32bit x86 versions of Windows NT released since 27-Jul-1993 are believed to be affected, including but not limited to the following actively supported versions:

    - Windows 2000

    - Windows XP

    - Windows Server 2003

    - Windows Vista

    - Windows Server 2008

    - Windows 7"

Microsoft has yet to respond to the flaw, and until it does with a patch, Ormandy recommends the following as a way to mitigate the hole:

"Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning, as without a process with VdmAllowed, it is not possible to access NtVdmControl() (without SeTcbPrivilege, of course).

"The policy template "Windows Components\Application Compatibility\Prevent  access to 16-bit applications" may be used within the group policy editor to prevent unprivileged users from executing 16-bit applications. I'm informed this is an officially supported machine configuration."

Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
  • Jerky_san
    I thought vista and win 7 were totally re-wrote? Suppose they couldn't rewrite everything.. Luckily it seems to only effect 32bit =)
  • Parrdacc
    WHAT!? You gotta be kidding me! Seriously! Wow!
  • warezme
    people still run 32bit? ;>
  • bitterman0
    It is, naturally, not a bug but a feature preserved for backward compatibility reasons, like bugs in INT 21 functions since early DOS versions.
  • Bolbi
    Glad I completed the switch to x64 (just a few eeks ago, though).
  • Bolbi
    Glad I completed the switch to x64 (just a few weeks ago, though).
  • Bolbi
    Sorry for the double post; seems like that's been happening to a few people recently!?
  • JD13
    Can Bill Gates still write code? This may need his personal touch.....
    It has nothing to do with 32 vs 64 bit , but more so with MS-DOS compatibility. Disable DOS & you're fine.
  • david714
    Big deal... "Possibly install malware", just how real is this bug? MSFT will have it fixed in a week and it will all be forgotten.
  • back_by_demand
    So doesn't affect 64 bit or those who have DOS disabled?

    I'm quaking in my boots...