A code flaw in Windows that has been around for 17 years raises some interesting questions. Are hackers not as diligent in ferreting out these vulnerabilities as we normally suspect? Or is it that there are so many weaknesses in Windows that hackers haven’t yet gotten around to exploiting this particular one? Doesn’t matter, really. Microsoft has come clean on a just-discovered flaw in 32-bit versions of Windows, and there’s a simple workaround that can provide protection until an official patch becomes available.
The problem lies in the Windows Virtual DOS Machine (VDM), which handles the task of running legacy 16-bit programs. It was discovered and first disclosed by Tavis Ormandy, the engineer for Google who also discovered the flaw in Internet Explorer that was exploited in the recent cyber-attacks against Google. VDM became a part of Windows back in 1993, with the release of Windows NT, and has been a part of all 32-bit Windows versions since, including the 32-bit version of Windows 7.
According to Microsoft’s advisory: “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” In other words, it’s a flaw that, if exploited, hands over the keys to your PC kingdom.
Microsoft isn’t aware of any cyber-attacks that exploit the flaw. Instead, Microsoft says, “Upon completion of this investigation, [we] will take the appropriate action to help protect our customers.” That’s little comfort for the fretful among us, so Ormandy recommends a simple workaround: edit group policies to block 16-bit applications from running.
Image Credit: phil h/Flickr