Skip to main content

Microsoft Patching 17-year-old Windows/DOS Bug

Last month we reported that Tavis Ormandy, a security researcher at Google, discovered a security flaw in the Virtual DOS Machine that can allow a nefarious user to inject code into the kernel and possibly install malware.

The flaw spanned iterations of Windows operating system over the last 17 years, including:

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

According to the BBC, Microsoft will be rolling out a fix to this bug in a February Security Update. The update will fix five vulnerabilities that allow attackers to hijack a Windows PC and run their own programs on it.

The patch is expected to hit on Tuesday, February 9 but it's a good idea to have automatic updates turned on so that your OS will do the checking for you.

Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
  • fafner
    Yay, 4 more days for hackers to have fun with it.
    Reply
  • pink315
    Time to boot up my Windows 3.1 System for updates
    Reply
  • idisarmu
    kernal???

    Use spell check please.
    Reply
  • N.Broekhuijsen
    oh but I though windows 7 was entirely rewritten from scratch......

    sons of b***es been lying to us AGAIN!!!
    Reply
  • N.Broekhuijsen
    I dont mean to be crude but thats just how I feel now. I feel cheated on by MICROSOFT.

    then again, im sure we all do :P
    Reply
  • Ehsan w
    yay
    they finally fixed it.
    Reply
  • Hellbound
    Better late then never I guess....
    Reply
  • davendork
    MSFT is rocking the code reuse. OOP is FTL?
    Reply
  • Shadow703793
    Hmm... you mention Server 2008 but not Server 2008 R2 but yet you mention Vista and Win 7?

    ========
    One more thing: This ONLY affects 32 bit Windows Versions!
    See: http://www.microsoft.com/technet/security/advisory/979682.mspx
    =======
    Affected Software

    Microsoft Windows 2000 Service Pack 4

    Windows XP Service Pack 2 and Windows XP Service Pack 3

    Windows Server 2003 Service Pack 2

    Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

    Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*

    Windows 7 for 32-bit Systems
    Non-Affected Software

    Windows XP Professional x64 Edition Service Pack 2

    Windows Server 2003 x64 Edition Service Pack 2

    Windows Server 2003 with SP2 for Itanium-based Systems

    Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

    Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

    Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

    Windows 7 for x64-based Systems

    Windows Server 2008 R2 for x64-based Systems

    Windows Server 2008 R2 for Itanium-based Systems
    Reply
  • Get rid of Windows, use Linux :-)
    Reply