Microsoft Looks To Close 17-year Old Windows Vulnerability

Microsoft has issued a warning against a security flaw in the kernel of all the 32-bit versions of Windows that can be easily exploited by hackers.

Interestingly, the security flaw, that also affects Windows 7, has been around for the last 17 years, without being noticed by any one.

The flaw was reported on Tuesday by Google security team expert Tavis Ormandy, who revealed that the vulnerability was in Microsoft Windows Virtual DOS Machine (VDM) subsystem which was added to Windows along with the release of Windows NT.

VDM is designed to allow Windows NT and later versions to run DOS and 16-bit Windows software. The report, which exposed the Windows flaw, also mentioned a turnaround for users who wish to avoid being manipulated by hackers.

Microsoft is advising users to disable the VDM and has warned that “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft Security Response Center (MSRC) issued an official statement claiming that the company had not seen an attack exploiting the alleged vulnerability. Ormandy, however, wrote that he had informed the company about the flaw but nothing was done about it.

Our Comments

Yet another massive headache for Microsoft, this time from an old Windows time bomb. Microsoft developers are frantically trying to close that hole in the Internet Explorer browser and are expected to launch a patch by this afternoon. The problem as well is that once the genie is out of the bottle, it is difficult not to get hackers to use it.

Related Links

Microsoft confirms 17-year-old Windows bug

(Computer World)

Ancient Windows flaw found after 17 years

(The Inquirer)

17-year-old Microsoft flaw affects Windows 7

(ZD Net)

Windows plagued by 17-year-old privilege escalation bug

(The Register)