Gee, just when I bashed Apple for taking its sweet time to patch a hole, Microsoft has one that dates back 17 years.
Suddenly, Apple doesn’t look so bad.
The Register is reporting on a hole that exists in pretty much every version of 32 bit Windows. Here’s the details:
The vulnerability resides in a feature known as the Virtual DOS Machine, which Microsoft introduced in 1993 with Windows NT, according to this writeup penned by Tavis Ormandy of Google. Using code written for the VDM, an unprivileged user can inject code of his choosing directly into the system’s kernel, making it possible to make changes to highly sensitive parts of the operating system.
Charming. There’s nothing that exploits this at the moment. But now that this bug is out in the open, there likely will be. So Microsoft may want to do something about this sooner rather than later.
Like this:
Like Loading...
Related
This entry was posted on January 20, 2010 at 3:04 pm and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Microsoft Pulls An Apple By Having A 17 Year Old Security Hole
Gee, just when I bashed Apple for taking its sweet time to patch a hole, Microsoft has one that dates back 17 years.
Suddenly, Apple doesn’t look so bad.
The Register is reporting on a hole that exists in pretty much every version of 32 bit Windows. Here’s the details:
The vulnerability resides in a feature known as the Virtual DOS Machine, which Microsoft introduced in 1993 with Windows NT, according to this writeup penned by Tavis Ormandy of Google. Using code written for the VDM, an unprivileged user can inject code of his choosing directly into the system’s kernel, making it possible to make changes to highly sensitive parts of the operating system.
Charming. There’s nothing that exploits this at the moment. But now that this bug is out in the open, there likely will be. So Microsoft may want to do something about this sooner rather than later.
Share this:
Like this:
Related
This entry was posted on January 20, 2010 at 3:04 pm and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.