Microsoft to patch 17-year-old bug

Feb 08, 2010 by Lin Edwards report
Microsoft to patch 17-year-old bug

(PhysOrg.com) -- Microsoft's February security update will include a patch for a bug that dates back to Windows NT 3.1, which was released in July 1993. The vulnerability has been present but undetected in every 32-bit version of Windows since 1993, including Windows XP, Vista, Windows 2000, Server 2003 and 2008, and the newest version: Windows 7.

A researcher for Google, Tavis Ormandy, found several flaws in the Virtual DOS Machine (VDM) utility that enables more recent releases of Windows to run old DOS and 16-bit software. The bug has the potential to enable an unprivileged 16-bit program to gain system privileged access level to the PC, which would allow attackers to get their own code to run. Ormandy found the bug and reported it to Microsoft over seven months ago and published a workaround, but a patch has not been ready until now.

The 17-year-old bug affects only Windows 32-bit versions and does not affect 64-bit machines, which does not have support for 16-bit applications. Microsoft has released a security advisory, which says the company is not aware of any attacks involving the , and most users are at low risk, apparently because local access to the computer is required.

Among the 25 other patches included in this month’s security update are five “critical” vulnerabilities that could allow an attacker to hijack a PC running Windows and force it to run their own programs. The update also fixes bugs in Microsoft Office 2003 and XP, and Office 2004 for Apple Macintosh.

Explore further: Madison, Wis., becoming a force in video game industry

Related Stories

Upgrade to Windows 7? It all depends...

Oct 08, 2009

With Windows 7 scheduled for release Oct. 22, the question many readers will be asking is, "Should I upgrade?" The answer depends on your circumstances.

No News Is Big News for Sana Security

Apr 23, 2007

Sana Security today announced version 2.2 of the Primary Response SafeConnect anti-malware utility, which works exactly the same in Vista as in Windows XP.

Windows 7 is on sale. Should you buy it now?

Jul 08, 2009

(AP) -- Microsoft Corp.'s next installment of Windows doesn't launch until October, but deep discounts on some versions are available through Saturday if you want to pre-order. Before pouncing on this deal, ...

Recommended for you

N. Korea suffers another Internet shutdown

16 hours ago

North Korea suffered an Internet shutdown for at least two hours on Saturday, Chinese state-media and cyber experts said, after Pyongyang blamed Washington for an online blackout earlier this week.

Sony's PlayStation 'gradually coming back'

16 hours ago

Sony was still struggling Saturday to fully restore its online PlayStation system, three days after the Christmas day hack that also hit Microsoft's Xbox, reporting that services were "gradually coming back."

Chattanooga touts transformation into Gig City

16 hours ago

A city once infamous for the smoke-belching foundries that blanketed its buildings and streets with a heavy layer of soot is turning to lightning-fast Internet speeds to try to transform itself into a vibrant ...

Uber broke Indian financial rules: central bank chief

16 hours ago

India's central bank chief lashed out at Uber, already under fire over the alleged rape of a passenger, saying the US taxi-hailing firm violated the country's financial regulations by using an overseas payment ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

Skeptic_Heretic
5 / 5 (1) Feb 08, 2010
The SETHC.exe bug is still around, even after this patch.

I wouldn't really say it's been fixed, just prevented from having network access.
axemaster
5 / 5 (1) Feb 08, 2010
I'm still waiting for the biggest bug to be removed from Windows... the BLOAT.

I would love if they could sell a stripped down version of Windows, where it supports graphics, but gets rid of all those useless services and processes that eat the computer alive. I mean, what does it tell you when a system from 5 years ago runs at the same speed as one from 2010???
Quantum_Conundrum
not rated yet Feb 08, 2010
Axemaster:

I was just talking about that earlier today.

Excluding video games and maybe graphics editors and sound editors, a windows 95 system ends up running about the same speed as a modern system with modern OS...because the software keeps getting written worse and worse, with more and more "crap nobody wants" added to it...
KingDWS
not rated yet Feb 08, 2010
I've been looking for something that functions similar to what you could do with the old batch files. Using one installation of windows something that would allow selective boot configs. For example one that allows max memi=ory and graphics but gets rid of network, encryption, print services etc etc. That might be for a game or using solidworks. There are sometimes when I want to run all of the junk but a lot of time have to spend a few minutes killing everything to max out the system. Someone figure this one out and they will come. I don't think most people realize just how bloated windows can be until they reinstall or use a differeant os on the same hardware. It can be a eyeopener.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.