Newly-Found Windows Bug Affects All Versions Since NT

garg0yle writes "A researcher has found a security bug that could allow privilege escalation in Windows. Nothing new there, right? Well, this affects the Virtual DOS Machine, found in every 32-bit version of Windows all the way back to Windows NT. That's 17 years worth of Windows and counting. 'Using code written for the VDM, an unprivileged user can inject code of his choosing directly into the system's kernel, making it possible to make changes to highly sensitive parts of the operating system. ... The vulnerability exists in all 32-bit versions of Microsoft OSes released since 1993, and proof-of-concept code works on the XP, Server 2003, Vista, Server 2008, and 7 versions of Windows, Ormandy reported.'"

Re:How do we know it's not already in use?

[frogzilla]

I don't think it is pedantic to point out (well maybe it is) that mega uses an M not an m and byte is signified with B not b. I see errors with unit symbols too often. Please remember that units are important. Remember Spinal Tap (" and ' are units too though I prefer to avoid them if possible).

You took the time to capitalise your writing according to standard rules of english. Just try to remember that Mb and MB are not letters as you are used to using but symbols with special meaning that coincidentally look like letters. This goes for all of the metric system prefixes and SI symbols.

I'll probably regret writing this but it hurts my head when I see these mistakes.

The main point you made was clear and I agree with you. Access to the source is a benefit to the user community.