17-year-old Microsoft flaw affects Windows 7

A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.Tavis Ormandy published details of the flaw on the Neohapsis mailing list on Tuesday.

A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.

Tavis Ormandy published details of the flaw on the Neohapsis mailing list on Tuesday.

The problem lies in the Virtual DOS Machine, Heise security explained on Wednesday.

"Microsoft isn't having an easy time of it these days," said the Heise article. "In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7."

Workarounds include users disabling the MS-DOS subsystem by starting the group policy editor and enabling the "Prevent access to 16-bit applications" option in a sub-menu of the computer configuration tab, according to the Heise article.