Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Finally To Patch 17-Year-Old Bug

Posted by timothy on from the not-quite-barely-legal dept.

eldavojohn writes "Microsoft is due for a very large patch this month, in which five critical holes (that render Windows hijackable by an intruder) are due to be fixed, in addition to twenty other problems. The biggest change addresses a 17-year-old bug dating back to the days of DOS, discovered in January by their BFF Google. The patch should roll out February 9th."

7 of 251 comments (clear)

  1. Re:Nothing quite like a "timely" response by SEE · · Score: 4, Informative

    Um, no. The bug was introduced in Windows NT 3.1, and has remained in the NT line ever since. Windows 7 is very much still built on the NT codebase.

  2. Re:Nothing quite like a "timely" response by supersat · · Score: 4, Informative

    Windows 7 is Windows NT 6.1. NT has been in development for over 20 years.

  3. Not discovered in January by WD · · Score: 5, Informative

    Tavis disclosed the ntvdm vulnerability in January, however it was reported to Microsoft on June 12, 2009.
    http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

  4. Re:Windows NT by supersat · · Score: 4, Informative

    It's not a bug in DOS, but a bug in the NT virtual 8086 machine monitor. Since hardly anyone still runs DOS applications, it's not surprising that it took so long for the bug to be discovered. It's a feature that's not often thought about.

  5. Re:oldest bug evar... and other leet speechisms by nicknamenotavailable · · Score: 4, Informative

    Is this a record(for a bug that's "known about" anyways?

    A while ago OpenBSD developer found a 33 year old bug.
    It depends on your definition of "known about" I guess.

  6. Re:Nothing quite like a "timely" response by bheer · · Score: 5, Informative

    > Windows 3.1 - 7 are often based on the same code set.

    You, sir, do not have the vaguest idea of what you are talking about.

    > to get into windows 3.1 you need to type in "win" at the DOS window.

    I thought for a moment you meant Windows *NT* 3.1 - 7, but ... it's clear that you didn't mean that.

    FWIW, this bug affects all NT OSes right back to NT 3.1 (the first released version) and is an obscure kernel bug (it was only found in January 2010!). The BBC article was light on details except to say it "involves a utility that allows newer versions of Windows to run very old programs", but there's more detail from the always-excellent full-disclosure mailing list.

    --
    Go somewhere random
  7. Re:"Finally"? by Nimey · · Score: 5, Informative

    It was reported to MS in the middle of last year, and the bug's discoverer made it public last month after Microsoft still hadn't fixed it.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem