Microsoft Patches About 17-Year-Old Windows Bug
Microsoft Security Advisory (979682)
- Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege
This is the usual format of the mails that subscribers to the Microsoft Security Advisory list receive. But what was not evident from the otherwise routine mail is that this vulnerability exists in *ALL* 32-bit versions of Microsoft Windows to date, that is, for 17 years.
Yes, you are right. This vulnerability, which exists in the 32-bit Windows kernel, could be used to hijack PCs.
This vulnerability, which exists in the Windows Virtual DOS Machine (VDM), was discovered by Google engineer Tavis Ormandy and reported last Tuesday.
From Microsoft Security Advisory (979682):
Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.
This is the second advisory in recent days. The first one was for a critical flaw in Microsoft's browser, Internet Explorer 8.
"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," said the newest advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Anyway, Microsoft released an out-of-band security patch on January 21, 2010 to address this vulnerability.