Bug introduced in Windows NT3.1 (1993) still affecting all subsequent releases of Windows!

Since NT was introduced, pure command line DOS was replaced with the Virtual DOS machine (VDM) that allows legacy DOS and 16-bit windows application to run on top of NT (all variants), XP, Vista and Windows 7.

It would seem the VDM engine has a major flaw!

Read more at neohapsis.com and packet storm security

A summary of the issue is that it is possible for a limited user (i.e. a non administrator user) to gain administrative privileges via the VDM.

A workaround is to disable 16-bit applications as part of the Active Directory policy for your domain.

SC




You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Bug introduced in Windows NT3.1 (1993) still affecting all subsequent releases of Windows!”

  1. SpittingCAML Says:

    Whilst on the subject of security IE6 seems to be hitting the press at the moment!

    Ed Bott’s Blog at ZDNet claims that employees putting up with IE6 as part of their job should be looking at removing their IT department. Words such as ‘malpractice’ being used!

    This of course is the reaction to the Chinese Google hackers!

    then… the BBC writes that the UK Government are using it, and GCHQ say it is fine due to increased security that the UK Government has, I assume in the form of firewalls and packet monitoring tools: Rory Cellan Jones BBC Blog

Leave a Reply