Truemors
is reporting from
Member
NP Rank:
NP Rank:
Microsoft Patches About 17-Year-Old Windows Bug
Share:
by israeli.agent | January 23, 2010 at 04:55 am
342 views | 18 Recommendations | 4 comments
Photos
Microsoft Security Advisory (979682)
- Title: Vulnerability in Windows Kernel Could Allow
Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/979682.mspx
This is the usual format of mails people who subscribed to Microsoft Security Advisory get. But what was not evident from the otherwise routine mail is that this vulnerability exists in *ALL* forms of 32 bit Microsoft Windows till date - that is for 17 years.
Yes, you are right. This vunlerablity that exists in the 32 bit Windows kernel could be used to hijack PCs.
This vulnerability - exist in the Windows Virtual DOS Machine (VDM) was discovered by Google engineer Tavis Ormandy and reported on last Tuesday.
From Microsoft Security Advisory (979682)
Executive Summary
Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.
This is the second advisory in recent days. The first one was for a critical flaw in the Microsoft's browser Internet Exploere 8.
"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," said the newest advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Anyway Microsoft has released an Out of Band security patch on January 21, 2010. to address this vulnerability.
Advertisement
What is NowPublic?
NowPublic lets people work together to cover news events around the world.
Crowd Power
israeli.agent
India
Related Stories
Recommendations (18)
jjenet
Ilford, Essex, United Kingdom
Hugh Askew
Omaha, Nebraska, United States
158
St. Louis, Missouri, United States
Barry ORegan
Burnaby, British Columbia, Canada
Most RecentMost Recommended Comments (4)
at 19:41 on January 23rd, 2010
Thanks for the information.
at 05:55 on January 24th, 2010
One presumes this is how the friendly Chinese hacked the Goog, eh?
Still blows my mind that anyone at Google would use Internet Exploder. Like unto being an engineer for Volvo and driving a Yugo.
at 21:20 on January 24th, 2010
Volvo car? I thought Volvo does not make cars anymore.
Anyways there are many people who just see computers as a useful tool and not much into security and safety aspects use Internet Explorer.
But the amazing thing is that how come this grand father bug could survive all they way down till Windows 7.
.Agent.
at 03:45 on January 25th, 2010
Volvo is still very much alive. Internet Exploder still has about 63% of the market, Firefox has 25%, Chrome is used by about 5%, the rest is split amongst Safari, Opera, and misc. others.
That the bug survived is a testament to the Microsoft way of doing business.