Microsoft Identifies 17-Year-Old Bug in Windows

14 Comments


gendoikari1

How many 16-bit applications are still in use today? Probably none to a few, besides the control software for archaic industrial equipment (which begs the question, why are people using a modern OS like Windows 7 to control some antiquated machine?)

Honorary Family Member:

Phenom II x4 925 2.8 GHz

XFX Radeon HD 5870

8GB G.Skill DDR2-800 RAM

ASUS M3A32-MVP Deluxe 

Seagate Barracuda 750GB HDD  

 


Biceps

Think big companies with old databases. Think hospitals. Think doctors' and dentists' offices. Think non-profits that still use the same database they did 5-10 years ago. All vulnerable, and none can just 'stop using 16-bit applications'. Microsoft better get their act together and fix this, stat.


gendoikari1

"...antiquated machines...". Most home PCs aren't running 16-bit applications.

And besides, would there be any reason to connect workstations such as those (which should be used controlling the equipment in question) to the Internet? 


Biceps

If you have a database that is shared by several locations nationally (or globally), and that database happens to be 16-bit, this bug is an immediate issue for your organization.

A lot of older CRM systems are 16-bit, old proprietary databases (developed by companies internally, or by contractors years ago) that are used by a lot of organizations, companies, etc. (yes, they are using those 'outdated' 16-bit systems right now) might fall under this umbrella. These organizations may have upgraded OSs, but have NOT upgraded their own proprietary databases. Why? The 'if it ain't broke, don't fix it' rule. Except now, it looks like it's broke.

 


nekollx

Lazy ITs, they're probably connected to the Internet to make Windows Update easy and LAN easy. The fix is easy too. Disable Internet access outside of scheduled Windows Update schedule checks till a fix comes in.

Or disable 16-bit apps.

------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.


roleki

Way to announce a vulnerability before the fix has been developed.  The vulnerability has been lying undiscovered for SEVENTEEN YEARS.  They couldn't wait another two weeks to roll out the patch and then fess up?  

 And good timing, as well.  Article 1:  Apple Product Saves Life Of Haitian Quake Victim.  Article 2:  Microsoft Builds Vulnerability Into 'Greatest OS Ever'


Biceps

My thoughts exactly. Or maybe it is a closely-watched trap for gullible Chinese hackers?


nekollx

It's implied this is the vector for the Google attack. Given that, isn't it best people know a workaround?


DasHellMutt

No, you misread. This was discovered by the same engineer who discovered the flaw in IE that was one of the vectors of attack in the google incident. This "new" flaw is not known to have ever been exploited.


Biceps

If, for even only 5% of the users, the only work around is to not use their most critical programs (believe me there are plenty of organizations still running 16-bit apps), then I'm not sure it can really be called a workaround.


nekollx

A good question.

Is it better to be vulnerable but unaware (vs. something already exploited once) or protected but non-productive?


Biceps

That would depend on what kind of information you keep on your systems, I suppose. If you have customer data, credit card info, SSNs, obviously you have to block 16-bit apps, regardless of impacts on productivity.


nekollx

Actually, if they want to be PCI compliant they can't store credit card info. Honestly, I don't know what deal Newegg cut so they could, but normal companies can't have credit card info accessible via the Internet.


dreamsburnred

I know Toshiba has TONS of 16-bit software for its XP software. SD card manager, Bluetooth, power saver... etc. etc.

Hoster of http://canadiantechblogger.com
