madison
Home / News & Blogs

17-year-old Microsoft flaw affects Windows 7

Tom Espiner ZDNet UK | January 20, 2010 12:03 PM PST

Summary

A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.

Topics

Microsoft Corp., Microsoft Windows 7, Microsoft Windows, Operating Systems, Software, security, Windows, Windows 7, flaw, Neohapsis, Tom Espiner ZDNet UK
A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.

Tavis Ormandy published details of the flaw on the Neohapsis mailing list on Tuesday.

The problem lies in the Virtual DOS Machine, Heise security explained on Wednesday.

Workarounds include users disabling the MS-DOS subsystem by starting the group policy editor and enabling the "Prevent access to 16-bit applications" option in a sub-menu of the computer configuration tab, according to the Heise article.

For more on this story, read "17-year-old Microsoft flaw affects Windows 7" on ZDNet UK.

Talkback Most Recent of 30 Talkback(s)

  • Quick Linux Geek impression
    M$ Windoze 7 is DOA. Plenty of FOSS alternitives
    (spelled wrong) to this dirty O$.
    ZDNet Gravatar
    SystemVoid
    20th Jan 2010
  • LOL! (nt)
    I think you just made LG pass from being a troll to being a joke!

    happy
    ZDNet Gravatar
    John Zern
    20th Jan 2010
  • Not only that, he did it using the correspondence principle and...
    in the process transformed himself from a joke to a troll.


    Absolutely Brilliant!
    ZDNet Gravatar
    The Mentalist
    20th Jan 2010
  • Sorry, TM, your material needs work.
    It just wasn't that funny.
    ZDNet Gravatar
    John Zern
    20th Jan 2010
  • It wasn't meant to be
    Besides, even if it was you would never be able to notice it.
    ZDNet Gravatar
    The Mentalist
    21st Jan 2010
  • another black eye for security through obscurity
    in Linux, thousands of eyes would have inspected the code and fixed it in a week.
    M$ could not fix it in 17 years.

    P.S.
    ABMers can't even be original!
    ZDNet Gravatar
    Linux Geek
    20th Jan 2010
  • Realy?
    There was that 8 year vunerability wasnt there! hmm thats still poor especialy as this flaw only effects x86 versions of windows.
    ZDNet Gravatar
    jdbukis@...
    20th Jan 2010
  • A thousand dollars...
    says you're not any part of those "thousands of
    eyes". You probably wouldn't know what to do
    with the Linux source code, even if you had it.

    Since you're likely too stupid to be a
    developer, let me inform you of something:
    You'd be surprised how many software developers
    could miss something like this.

    How many Linux bugs have you fixed? My guess?
    Zero. Loser.
    ZDNet Gravatar
    SystemVoid
    20th Jan 2010
  • RE: 17-year-old Microsoft flaw affects Windows 7
    That is pretty good security on Microsoft Windows when it takes researchers 17 years to find a flaw.
    ZDNet Gravatar
    Loverock Davidson
    20th Jan 2010
  • It only effecyts 32bit windows anyway.
    As 64bit windows does not have the dos virtual subsystem atleast for 16 bit apps and drivers.

    Depending on the nature of the flaw DEP may help too but that is speculation.
    ZDNet Gravatar
    jdbukis@...
    20th Jan 2010
  • They knew about this flaw for years....
    They just didn't think (as usual) that it was worth fixing because it was so difficult to exploit.
    ZDNet Gravatar
    Lerianis10
    20th Jan 2010
  • @Loverock Davidson
    Only you NonZealot, Mike Cox, xuniL_z, etc could spin this into a positive.

    I'm sure if it the headline read "17-year-old Apple flaw affects Snow Leopard" you would have a field day.
    ZDNet Gravatar
    Axsimulate
    20th Jan 2010
  • Why Not?
    Apple Users and Linux users do it all the time. Either that or they deny that flaws exist in the first place.

    That being said it is an old flaw and Microsoft should address it. Maybe some utility that can help the less saavy computer users disable the 16bit MS-DOS subsystem (even though the steps do not seem that hard) because the vast majority of people do not need it. Better yet disable it by default and make it one of those items you have to enable through "Turn Windows features on and off" like you have to do with things like telnet. Just another thing kept around for old legacy applications that only a fraction of the computer/windows users need.
    ZDNet Gravatar
    bobiroc
    20th Jan 2010
  • @bobiroc
    Sorry I left you out in my list, I hope your not too upset. It's just their are so many MS apologist in this forum, it's impossible for me to list them all.

    That being said, it's one thing to admit there is a 17 year old flaw how to mitigate/eliminate it and explain that since it's old 16 bit code it falls out the support dates. Every OS has bugs, No company is perfect. It's another to spin it in such a way as Loverock did and claim the code is so good that it took this long to find it. Yeah, right, and I have some beautiful land for sale in the south pole.
    ZDNet Gravatar
    Axsimulate
    21st Jan 2010
  • You MUST be on the MS payroll
    You are the best excuse-making propapologist of Microsoft on the
    internet.

    Very entertaining...
    ZDNet Gravatar
    mlindl
    21st Jan 2010
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity