Microsoft Finally To Patch 17-Year-Old Bug

eldavojohn writes "Microsoft is due for a very large patch this month, in which five critical holes (that render Windows hijackable by an intruder) are due to be fixed, in addition to twenty other problems. The biggest change addresses a 17-year-old bug dating back to the days of DOS, discovered in January by their BFF Google. The patch should roll out February 9th."

Not discovered in January

[WD]

Tavis disclosed the ntvdm vulnerability in January, however it was reported to Microsoft on June 12, 2009.
http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

Re:Nothing quite like a "timely" response

[bheer]

> Windows 3.1 - 7 are often based on the same code set.

You, sir, do not have the vaguest idea of what you are talking about.

> to get into windows 3.1 you need to type in "win" at the DOS window.

I thought for a moment you meant Windows *NT* 3.1 - 7, but ... it's clear that you didn't mean that.

FWIW, this bug affects all NT OSes right back to NT 3.1 (the first released version) and is an obscure kernel bug (it was only found in January 2010!). The BBC article was light on details except to say it "involves a utility that allows newer versions of Windows to run very old programs", but there's more detail from the always-excellent full-disclosure mailing list.

Re:"Finally"?

[Nimey]

It was reported to MS in the middle of last year, and the bug's discoverer made it public last month after Microsoft still hadn't fixed it.