Microsoft's Latest Vulnerability is 17 Years Old

From DailyTech: Usually Microsoft is a pretty quick patcher. With over a billion users of Windows operating systems, both new and old worldwide, Microsoft is under tremendous pressure to patch security flaws in all of its current and past operating systems.

However, every now and then one slips through the cracks. That appears to be the case with a flaw in the Virtual DOS Machine (or VDM), which was used to support 16-bit applications. The flaw in the VDM could allow a user to alter the kernel stack of processes, allowing them to run code with system level privileges. Thus the attack falls in the "elevation of privilege" (EOP) class of attacks.

The flaw has been around since the release of Windows NT 3.1 in 1993. It continues to exist in all 32-bit versions of Windows to date. It does not exist in 64-bit versions of Windows. Surprisingly, Microsoft claims that there have been no known attacks in the wild exploiting the flaw.

After being called out by some security blogs, Microsoft has now issued a security advisory -- Microsoft Security Advisory (979682) -- on the topic. It says it is working on a patch or update to fix the problem.
