Linked by Thom Holwerda on Wed 20th Jan 2010 22:45 UTC, submitted by kragil
I guess it's Windows-flaw-week or something. First, we had the Internet Explorer vulnerability used in the Google attack, and now we have a bug that's been sitting undetected in Windows NT for 17 years. The bug can be used to escalate privileges, but from what I understand, it only works locally (although that isn't made clear).
Thread beginning with comment 405453
funny_irony Member since: 2007-03-07

Many DOS apps need direct access to the BIOS in order to work. To have 100% compatibility with 16-bit DOS, it is necessary to have admin privileges.

It would be funny if nobody in MS knows about it. Either the developer left the company without telling them, or the code was included without permission from the supervisor.

Reply Score: 1

Andre Member since: 2005-07-06

This bug was introduced in the early days of Windows NT. In that time, according to what I have read, the policy wasn't as strict as it is nowadays. So, I can imagine, if the bug was introduced in that early stage, that no one would have known about it years later.

Reply Parent Score: 1

f0dder Member since: 2009-08-05

So, I can imagine, if the bug was introduced in that early stage, that no one would have known about it years later.
Exactly.

I don't find it unlikely that NTVDM has sat pretty much untouched since NT4 - it's not the kind of subsystem that's going to need a lot of updates, since the stuff it supports is pretty much feature-frozen... and it's not the first place you'd expect to be exploitable, since the CPU handles most of the encapsulation via V86 mode.

And the exploit is nontrivial, a pretty interesting piece of code ;)

Reply Parent Score: 1