Microsoft to patch 17-year-old computer bug

A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

The February update for Windows will close the loophole that dates from the time of the DOS operating system.

First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as "critical".

http://news.bbc.co.uk/1/hi/technology/8499859.stm
 
A bit more information on the vulnerability for anyone interested, the BBC providing the least information possible:

Tavis Ormandy Advisory

"In order to support BIOS service routines in legacy 16bit applications, the Windows NT Kernel supports the concept of BIOS calls in the Virtual-8086 mode monitor code. These are implemented in two stages, the kernel transitions to the second stage when the #GP trap handler (nt!KiTrap0D) detects that the faulting cs:eip matches specific magic values.

Transitioning to the second stage involves restoring execution context and call stack (which had been previously saved) from the faulting trap frame once authenticity has been verified.

This verification relies on the following incorrect assumptions:

- Setting up a VDM context requires SeTcbPrivilege.
- ring3 code cannot install arbitrary code segment selectors.
- ring3 code cannot forge a trap frame.

This is believed to affect every release of the Windows NT kernel, from Windows NT 3.1 (1993) up to and including Windows 7 (2009)."
 
Only very recently discovered though and needed patching nonetheless.

I'm guessing this only affects x86 Windows though.
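As an added example (not code from the thread, the advisory or Microsoft), the script below ties the two points raised above together from an administrator's side: it reports whether a host can reach the 16-bit VDM code path the advisory describes at all, and whether the 16-bit application support has been switched off by policy. It assumes that the NTVDM subsystem (ntvdm.exe) ships only on 32-bit Windows, and that the "Prevent access to 16-bit applications" policy is stored as a DWORD value VDMDisallowed = 1 under the AppCompat policy key shown; both are stated as assumptions in the comments.

```powershell
# Added example, not from the forum thread or the advisory.
# Reports whether this host exposes the Virtual-8086 (NTVDM) code path and
# whether 16-bit application support has been disabled by policy.
#
# Assumptions:
#  - ntvdm.exe exists only on 32-bit Windows (x64 has no 16-bit subsystem).
#  - The "Prevent access to 16-bit applications" policy is a DWORD
#    VDMDisallowed = 1 under the AppCompat policy key below.

function Get-VdmExposure {
    $is64       = [Environment]::Is64BitOperatingSystem
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
    $ntvdmPath  = Join-Path $env:SystemRoot 'System32\ntvdm.exe'

    # Read the policy value if the key exists; $null means "not configured".
    $disallowed = $null
    if (Test-Path $policyPath) {
        $disallowed = (Get-ItemProperty -Path $policyPath -Name 'VDMDisallowed' `
                        -ErrorAction SilentlyContinue).VDMDisallowed
    }

    $ntvdmPresent = Test-Path $ntvdmPath

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Is64BitOS        = $is64
        NtvdmPresent     = $ntvdmPresent
        VdmDisallowed    = ($disallowed -eq 1)
        # The VDM path is reachable only on a 32-bit OS that still ships
        # ntvdm.exe and has not had 16-bit support disabled by policy.
        VdmPathReachable = (-not $is64) -and $ntvdmPresent -and ($disallowed -ne 1)
    }
}

Get-VdmExposure | Format-List
```

Run it in an elevated PowerShell session on each machine you want to check; a result with `VdmPathReachable : True` is a 32-bit host that still has 16-bit support enabled and therefore depends on the February update to close the hole, while a `False` result either has no NTVDM subsystem (x64) or has it switched off by policy. The policy switch is a workaround, not a substitute for installing the patch.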
 