Microsoft Pulls An Apple By Having A 17 Year Old Security Hole

Gee, just when I bashed Apple for taking its sweet time to patch a hole, Microsoft has one that dates back 17 years.

Suddenly, Apple doesn’t look so bad.

The Register is reporting on a hole that exists in pretty much every version of 32 bit Windows. Here’s the details:

The vulnerability resides in a feature known as the Virtual DOS Machine, which Microsoft introduced in 1993 with Windows NT, according to this writeup penned by Tavis Ormandy of Google. Using code written for the VDM, an unprivileged user can inject code of his choosing directly into the system’s kernel, making it possible to make changes to highly sensitive parts of the operating system.

Charming. There’s nothing that exploits this at the moment. But now that this bug is out in the open, there likely will be. So Microsoft may want to do something about this sooner rather than later.

Leave a Reply

%d bloggers like this: