::Trend Micro Threat Resource Center::

23 January 2010

17-Year-Old Windows Flaw Found

Here's a little something to make people who are interested in security shudder: a vulnerability's been discovered, and believe it or not, it's present in just about every version of Windows from 1993's Windows NT 3.1 on.

Tavis Ormandy, who works for Google, appears to have discovered the issue sometime towards the middle of last year and, after giving Microsoft more than a fair amount of time to deal with it (he notified the company in June), wrote about it yesterday.

Apparently the fault lies with the Virtual DOS Machine, which comes with 32-bit versions of Windows for the sake of supporting 16-bit applications. And the problem amounts to a privilege escalation bug, which isn't the most benign thing in the world.

Fortunately, 64-bit versions of Windows are gaining market share every day, and Ormandy's recommended precaution for older systems isn't complicated.

Ormandy wrote, "Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning . . . . Applying these configuration changes will temporarily prevent users from accessing legacy 16-bit MS-DOS and Windows 3.1 applications, however, few users require this functionality."

Let's just hope there aren't too many other 17-year-old problems lying around out there.