We often hear of Windows security bugs that plague a recent version of the operating system that many are still using today, but rarely do we hear of a bug that reaches all the way back – 17 years – to Windows NT.
Given that all modern versions of Windows still feature the Virtual DOS Machine, this is a vulnerability that still exists today.
"All 32bit x86 versions of Windows NT released since 27-Jul-1993 are believed to be affected, including but not limited to the following actively supported versions:
- Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7"
Microsoft has yet to respond to the flaw, and until it does with a patch, Ormandy recommends the following as a way to mitigate the hole:
"Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning, as without a process with VdmAllowed, it is not possible to access NtVdmControl() (without SeTcbPrivilege, of course).
"The policy template "Windows Components\Application Compatibility\Prevent access to 16-bit applications" may be used within the group policy editor to prevent unprivileged users from executing 16-bit applications. I'm informed this is an officially supported machine configuration."
