Windows has a 17-year-old unpatched vulnerability
section: windows, for your questions: KezNews forum, 20.1.2010
When it comes to fixing security threats and bugs in its operating systems, Microsoft is, for the most part, pretty good about it.
True, there are threats here and there that get overlooked, but eventually, Redmond takes care of them... except in this case.
The H Security points out that Microsoft has ignored a security hole in Windows since the release of Windows NT 3.1 in 1993. This vulnerability is present in all 32-bit Windows operating systems since then. The problem stems from a flaw in the Virtual DOS Machine (or VDM), which is used to support 16-bit applications. The flaw allows a 16-bit program to manipulate the kernel stack of processes. The site notes that "this potentially enables attackers to execute code at system privilege level," making this a real threat to system security.
A Microsoft spokesperson confirmed to Neowin that the company was investigating the "public claims of a possible vulnerability in Windows." The spokesperson also confirmed Microsoft was unaware of any attacks trying to use the "claimed vulnerability," or of customer impact. "Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves," they said.
The vulnerability was discovered by Tavis Ormandy, a member of the Google security team. The hole was tested and found to still be present in Windows XP, Server 2003, 2008, Vista, and 7, and can be used to open a command prompt "in the system context, which has the highest privilege level." Ormandy says that he informed Microsoft of this hole back in 2009, but they have yet to fix it. The workaround happens to be pretty simple: all you have to do is disable the MS-DOS subsystem. It's advised that all companies patch the hole, especially now that the vulnerability is public knowledge. Turning this off should not cause any compatibility issues, unless, for some strange reason, you're still using 16-bit applications.
Here's how to disable it:
"The workaround requires users to start the group policy editor and enable the "Prevent access to 16-bit applications" option in the Computer Configuration\Administrative Templates\Windows Components\Application Compatibility section."
source:
neowin.net
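The registry-backed form of the workaround quoted above, as an added example that is not from the original article or from Microsoft: a PowerShell check that reports whether the 16-bit subsystem is still reachable on a machine and, with the hypothetical -Enforce switch, turns the policy on. It assumes the "Prevent access to 16-bit applications" option is stored as the VDMDisallowed DWORD under HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat, a value name that does not appear in the article.

```powershell
# Added example: audit (and optionally enforce) "Prevent access to 16-bit applications".
# Assumption: the policy is stored as the VDMDisallowed DWORD under the AppCompat policy key.
[CmdletBinding()]
param(
    [switch]$Enforce   # hypothetical switch: write the value when it is missing or 0
)

$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$name = 'VDMDisallowed'

function Get-VdmPolicyState {
    # Returns 'Blocked', 'Allowed' or 'NotConfigured'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item)   { return 'NotConfigured' }
    if ($item.$name -eq 1) { return 'Blocked' }
    return 'Allowed'
}

# The article states that only 32-bit Windows is affected.
# PROCESSOR_ARCHITEW6432 is set when a 32-bit process runs on a 64-bit OS.
$is64BitOS = ($env:PROCESSOR_ARCHITECTURE -ne 'x86') -or [bool]$env:PROCESSOR_ARCHITEW6432

$state = Get-VdmPolicyState
if ($Enforce -and (-not $is64BitOS) -and ($state -ne 'Blocked')) {
    # Writing under HKLM requires an elevated session
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
    $state = Get-VdmPolicyState   # re-read to confirm the write took effect
}

# One object per machine, so results can be collected and filtered across a fleet
New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    Is32BitOS    = -not $is64BitOS
    VdmPolicy    = $state
    VdmReachable = (-not $is64BitOS) -and ($state -ne 'Blocked')
}
```

A machine is covered when VdmReachable is False. On domain-joined machines a Group Policy refresh can overwrite a locally written value, so the setting belongs in the GPO itself there.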