Windows plagued by 17-year-old privilege escalation bug

A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows. The vulnerability resides in a feature known as the …

COMMENTS

  1. Anonymous Coward
    Stop

    Ah but...

    Many installers require NTVDM to be enabled to run, especially older InstallShield ones.

    Disabling it isn't as problem-free as they make out :)

    1. Don Buchholz

      disabling s/w installers not always bad ...

      I could get a certain BOFH-ish pleasure from doing this with some end-users. :-)

  2. gollux
    Alert

    Whee!

    Here we go again! Shut down 16 bit application support.

  3. Captain Save-a-ho

    Reason to move to 64-bit Windows

    None of the 64-bit versions are vulnerable, as they don't have the 16-bit subsystems available...

    1. Anonymous Coward
      Thumb Down

      Interesting logic

      ...or maybe a reason to finally give up on Windows and use an OS that is less shite?

  4. mittfh
    Linux

    Other OSes are also available...

    ...which presumably are immune from this bug :)

    Having said that, Mandriva Updater finds security updates for various bits of my Mandriva 2010 box several times a week. So although there are hardly any viruses in the wild that exploit Linux systems (probably due to a combination of relatively low usage and a better security subsystem), evidently developers are continually finding (and fixing) security holes in the various components.

    Then again, the updates are usually very small in size, and are delivered as/when available, rather than several MB in size, collated together, then released once a month. And it's entirely up to you to initiate the downloads, unlike Windoze which downloads by default, unless you specifically ask it not to. Oh yes, then there's the joy of rebooting whenever any major update is installed :)

    I have to use Windoze at work, but at home, give me the penguin any day :)

    1. Trixr
      FAIL

      Oh, shut up

      Shall we talk about SSH and BIND exploits? No OS is immune to bugs. Sure, some are better than others, but none is -immune-.

      If you don't use Windows, then you've got nothing to worry about, then. So go away and play with your penguin, and let us discuss something that affects the rest of us.

      FWIW, I use Linux at home, and about 1/3 of our server fleet is Linux too. But sticking your head above the parapet to say "Blah blah blah Linux is best blah blah", when the topic is Windows, is bloody tedious in the extreme.

      1. Fran Taylor

        Poor examples

        BIND is not even turned on by default in Linux.

        SSH can be disabled with a single mouse click.

        Both of those exploits are blunted by SELinux anyway.

        Go ahead and try to disable a Windows vulnerability this easily.

      2. Anonymous Coward
        FAIL

        You are rambling....

        SSH and BIND are *applications*, not OS's! They are in fact available to run on Windows.

        Get a grip, and stop lying about how much you use Linux.

      3. Anonymous Coward
        Anonymous Coward

        Me too...

        I use Windows, Unix and Linux at work and Windows and Linux at home. I hadn't kept up with updating my AA1/Fedora 12 laptop; after about four weeks it had more than 300 packages to be updated. It took more than four hours to crunch through them.

        When I was a sysadmin, I didn't want to have to drop what I was doing to check out an update to a system, unless I _really had to_. Larger less frequent updates are better, you only have to do one set of testing whereas with lots of little updates you have to test each one individually.

        1. SJB

          @Fraser

          Yes well you will find that Fedora 12 has a lot of package updates during its life cycle, this is because it's meant to be on the leading edge. If you don't like it you can use RHEL where most of the problems have been fixed. Or Windows where it appears the problems haven't ...

      4. ajb673

        But this is the kernel

        But this is a kernel exploit, not 3rd party software. Yes there have been exploits in ssh and bind, but they've been fixed asap by the OSS community, and not dumped at the back of a very long queue by a corporate entity who at first denies the problem exists, then denies it's being exploited, then after 6-12 months finally gets around to patching it, but then leaves it until the next patch day, rather than pushing the patch out asap.

        But anyway, you're clearly an MS fanboi, so there's no point using logic in an argument with you.

      5. Ocular Sinister

        If my memory serves me well...

        The SSH exploit affected Windows too, assuming you had applications or services installed that used OpenSSH. It's one of those things that is kind of part of the OS, but isn't...

    2. phoenix
      Alert

      hmmm

      So you never need to reboot Linux - oh yes you do (mostly when it's a desktop, I'll concede). I use Debian, Windows and BSD and they all have their ifs and buts.

      MS tries to be all things to all men with backward compatibility - must be a nightmare for a code maintainer. Afterall you could buy OSX which regularly drops support for your applications, forcing you to buy a massively inflated (in cost and bloat), newer version when it changes face. At the end of the day annoyance should be aimed at the cracking exploiters of these holes, not at the companies and people trying to patch all the time.

      1. Keith Oldham
        Linux

        Re : hmmm

        You never NEED to reboot Linux unless you install kernel/module updates. My desktops/laptops now boot so fast that they can be switched off

        My low-power file/print/allsorts server, on the other hand, runs for months at a time.

        All running various versions of OpenSUSE

      2. Anonymous Coward
        FAIL

        @phoenix - Can't let that lie...

        "Afterall [sic] you could buy OSX which regularly drops support for your applications, forcing you to buy a massively inflated (in cost and bloat), newer version when it changes face."

        Not at all. Last upgrade was £25. Previous to that it was about £80. How much was a Windows upgrade? RRP of £99.99 for Home "Premium", whatever that is. Since there is only one SKU of OSX, a fair comparison would arguably be with the fully featured "Ultimate" edition at an RRP of £199.99! (source for both: microsoft.com) Not that one is *forced* into upgrading at all. My Mum still uses Leopard on her Mini and my brother still uses Tiger on his 2004 iMac, both without problem. Admittedly some developers stop supporting previous versions, but that's up to them. When you get a new Mac OS, that is *all* you get. No 'bloat' at all. You are obviously referring to the iLife suite that comes with a new Apple computer. It's easily "uninstalled", just drag the apps to the trash and then empty! Done! Upgrades haven't regularly broken other apps either, well certainly less than Vista did when it was released and nothing that *greedy* software companies couldn't counter by releasing a patch. The extent was over-exaggerated. Interestingly enough small independent developers had no problem supporting the transition from 10.5 to 10.6, it was the greedy SOB's like Adobe that had "issues". In fact the CS3 range works fine, at least as well as it did before. Microsoft Office, perhaps ironically, had no problems at all!

        At the end of the day blatant fanboys shouldn't use FUD and throw up pointless, ill-informed and irrational arguments to try and deflect from the fact that their preferred OS has had a security flaw for 17 years.

        1. Anonymous Coward
          Anonymous Coward

          @ @phoenix

          The last update was indeed £25, the previous update was _and still is_ £85. As a PPC 10.4.11 customer who needs to upgrade, due to a critical app no longer working, if I want to take that £25 update I have to spend somewhere in the region of £1k to replace my current hardware or spend well over the odds upgrading to an old version of the OS. I have yet to hear of any other company who treats its customers with such contempt. Yes, drop support for old hardware, but don't keep the prices of updates to old OSes more than three times the price of the current OS.

          Anyway, as it turns out, the solution was to install Fedora 12 for PPC. I very much doubt I'll be buying Apple again.

          1. Anonymous Coward
            Anonymous Coward

            @Fraser; Here we go...

            So spend the extra £60!!! The hardware change was announced in 2005, and completed Q1 2006. Snow Leopard was released Q3 2009, 3 and a half years later. Apple made it *very* clear that they were not going to support PPC forever. They often rightly get criticised for not being transparent, but with the switch over they were nothing but! In fact this switch over was less painful than the 68K to PPC switch over, which seemed to happen overnight! You had ample time to prepare. That doesn't necessarily mean that you had to buy a new Mac. It means you had 3.5 years at least to look at alternatives, which you obviously have. I guess the fact that you switched to Linux means you were talking shit about your supposed 'critical' app (ODFO!) when clearly cheaper or free alternatives were available! No-one puts a gun to your head and says "use OSX" or "Use Windows!". £85 is _still_ cheaper than the cost of an upgrade to Windows 7 Home Premium! Why should you be 'rewarded' for NOT upgrading to begin with?!

            1. Anonymous Coward
              Anonymous Coward

              @@Me

              Ok: Critical app is Mythtv Frontend, which as of 0.2.2-2 no longer works on 10.4.11, but does in 10.5.? or PPC linux. So no, I wasn't talking shit.

              I will state again: I am not aware of any other company that charges more for older versions of software than new. This is my beef, not that the machine is getting old, but that apple expect me to pay more than three times the cost of the current version of the OS for an older version.

            2. phoenix
              Pint

              @ keith Oldham @ AC20/01 12:46 @ @Fraser

              @Keith - you are correct, but that still means you have to reboot the OS. I was not inferring Linux required as many reboots as Windows - of course not.

              @AC and Fraser Please re-read my post:

              "Afterall you could buy OSX which regularly drops support for your APPLICATIONS, forcing you to buy a massively inflated (in cost and bloat), newer version when it changes face.

              I was not referring to the OS but the applications such as Photoshop CS4 which, due to the Cocoa / Carbon fiasco, still doesn't work on Snow Leopard unless things have changed. I am no expert but, taking the processor architecture aside, we had to buy quite a bit of new software for the later versions of OSX.

              Personally I'm not too enamoured with any of the current OSs in desktop form. I wish Europe would get together, look at the flaws in Linux / Unix and write a better OS than both of those, because I think it is possible - any takers?

          2. Anonymous Coward
            Coat

            You think you have problems..

            "As a PPC 10.4.11 customer who needs to upgrade, due to a critical app no longer working.."

            Stop complaining, you have it easy, Apple dropped support for my stone circle without warning me. The fricken' thing is HUGE, it was really expensive to install. I should have been given a longer grace period, giving me time to upgrade.

            Now I can no longer run the newest versions of Final Cut- just because *THEY* sold us out to the PEECEE nazi vampire liberals with their capitalist running whelk "x86" so-called "processors"!

            1. phoenix
              Happy

              @20th January 2010 23:10 GMT

              Where's Mr Bryant when you need him? He'll learn about how great the PowerPC line is now, as in not great. Take it up with your Uberman Jobs; he made the jump.

        2. phoenix
          Troll

          Fanboy

          Pot calling the kettle black. I am no MS fanboy, just making the point that being a macality can cost you dearly. Anyway Apple's work was mostly done for them (as in brilliance, security and stability) by the BSD crew, so I'm not sure what mactards always crow about. I guess in IT knowledge terms they are still on Peter and Jane books ;-)

      3. LawLessLessLaw
        Boffin

        uptime schmuptime

        OpenBSD - been serving from Apache for the longest time, currently

        1:00PM up 542 days, 37 mins, 2 users, load averages: 0.10, 0.15, 0.16

        I had to reboot it 542 days ago because I pulled the power cord by accident

        btw. privilege escalation is a design error, an all powerful Root / Administrator is not *required* in an OS. Archaic OSes will continue to be archaic. so Lunix / Windows FAIL

  5. adnim

    Ignorance is bliss

    Why is it that security researchers and hackers can find hundreds of holes, flaws and exploits in MS software, yet the developers themselves and the security officials at MS always appear to be unaware of any flaws or attacks exploiting them?

    Tavis' report only hit full disclosure at around 7pm UK time, and his report contains a link to "Possibly naive example code for triggering this condition". So I would imagine that Microsoft security officials will be aware of attacks targeting the flaw soon enough.

    Tavis informed MS on the 12-Jun-2009 about this flaw, so MS security officials have had over 6 months to look into and mitigate this risk. Please don't go providing excuses for their tardiness in this matter by stating they have the "potent Internet Explorer bug" to work on.

    If MS can afford the best lawyers to protect their patents from infringement and themselves from litigation they can afford to hire a greater number of security researchers and fully test their abominations before foisting them on the market place for beta testing.

    1. Anonymous Coward
      Linux

      They can...

      ... but they won't. They don't really care about security; that's what you get with a commercial system. It's only money.

      OSS FTW!

    2. Russ Tarbox

      Probably because...

      ...they have a finite number of people working on the code and testing, whereas millions around the world get their hands on the product. It's the same reason that books and magazines go to print with typos, some electronic products have to be warranty repaired, etc etc. But because it's computer software, and Microsoft in particular, all hell breaks loose.

      1. Anonymous Coward
        Anonymous Coward

        Re: Probably because...

        "they have a finite number of people working on the code and testing, whereas millions around the world get their hands on the product."

        "millions" is not the opposite of "finite". It's just as finite as any other number you can write down.

      2. John Angelico
        Flame

        but because...

        Quote:

        "But because it's computer software, and Microsoft in particular, all hell breaks loose"

        Well, it's because MS people at high levels keep making motherhood statements about security and top priority in the same sentence, and then go on about a quality assurance program, ad nauseam, followed by this kind of tardiness when the rubber hits the road, that the computing community becomes thoroughly jaded.

        They NEVER spend enough on quality, but they sure as hell spend heaps on lawyers, and after-market support.

        How come they can't grasp the financial impact of quality from the ground up? Corporate culture.

        And that's why all hell breaks loose whenever these revelations are leaked.

    3. Nigel 11

      This is why ...

      An anecdote. A rich man was once driving his Rolls-Royce through rural France when he hit an enormous pot-hole and horrible noises started coming from the car. At the next village garage, the mechanic diagnosed a failed rear axle and contacted Rolls-Royce. Their response was that they would be flying out a mechanic with the necessary spare parts and the car should be fixed by mid-day next.

      When the man returned from his travels, he did not receive an invoice. After some time, being an honest man, he contacted Rolls-Royce about the missing bill. Their reply was short.

      "Dear Sir

      "We have no record of the rear axle of a Rolls-Royce Silver Shadow ever having failed.

      "Yours Sincerely

      "

      I suspect that Microsoft likewise prefers not to know of any un-fixed security-critical issues in their systems.

    4. Anonymous Coward
      Anonymous Coward

      Umm

      You're mistaking the famous (and wildly successful) marketing and legal outfit "Microsoft" for a technology company, I fear.

  6. John Tserkezis

    @Ignorance is bliss

    Bugs and vulns are fixed on a priority basis. Once they get down to 30K bugs or so, it's done.

    Highly publicised vulns (even if they're relatively minor) are fixed earlier, because public perception is more important to the bottom dollar than actual security.

  7. Henry Wertz 1 Gold badge

    Why not found and fixed sooner?

    "Why is it that security researchers and hackers can find hundreds of holes, flaws and exploits in MS software, yet the developers themselves and the security officials at MS always appear to be unaware of any flaws or attacks exploiting them?"

    I think it's BECAUSE it's closed source. I think Microsoft has used automated vulnerability scanners to find the obvious holes, but they are not going to be going over and over existing code to look for vulnerabilities, not as much as popular open source projects (for instance the Linux kernel.)

    The early dosemu vm86 support in Linux ALSO had security holes. One apparently involved using DPMI (DOS Protected Mode Interface), which 32-bit DOS apps used (and NTVDM also supports): going into DPMI mode and then dicking around with the memory management tables, you could (sound familiar?) map kernel memory space and read or modify the kernel. The first Linux kernels came out in late 1993, and they fixed this in the early 2.1 series in 1996. So, about 14 years earlier.

    1. The Fuzzy Wotnot
      Unhappy

      Developers don't control their software anymore

      Nope, it's 'cos software these days is developed by committees and marketers, not by developers! Developers write code, they make stuff happen; the marketers decide if software product X does ABC and how it does ABC and when. They decide if a small portion of time can be spared to allow the testers and developers to check the code. Q&A is an afterthought because time is money for companies like MS and Apple. Apple has it slightly easier, they only have one fixed O/S and a limited hardware platform so they have fewer bugs, but even that fixed kit still has major problems.

      The way software is now, money, money, money. Even in OSS, to a lesser extent, but OSS still needs funding and to get that they still have to deliver the base O/S products by the date they said they would, else the funding may be cut.

      Sad but true.

    2. Anonymous Coward
      FAIL

      @ Henry...

      http://www.theregister.co.uk/2009/08/14/critical_linux_bug/

      http://www.itworld.com/operating-systems/53531/developer-fixes-33-year-old-unix-bug

      That is all.

  8. Christian Berger

    Privilege escalation?

    How? I mean 99.9999% of all Windows users work as "Administrator" anyhow.

    If Win64 actually cannot run win16 applications it's no alternative either. Businesses depend on such applications to run.

    1. Entropy 1

      V for..

      Virtualisation..

  9. TeeCee Gold badge
    WTF?

    Versions?

    "...tested on all versions of Windows except for 3.1."

    Er, do you mean NT 3.1 by any chance? You had me rather puzzled in a sort of "why would you want to?" sort of way for a while there. You also caused me to remember some things that are best left forgotten.....

    1. Anonymous Coward
      Happy

      and not forgetting

      NT 3.5 and 3.51 (aaaaaahh, happy days)..and NT4 of course.

  10. Forget It
    WTF?

    Call me dumb ...

    but how do I go about "disabling the MSDOS and WOWEXEC subsystems" on winXP-SP2 ?

    Yes I'm too dumb to follow the very grey instructions at

    http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
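    An added example for the question above, not from the article, the linked advisory or any commenter: a PowerShell script (assumes PowerShell is installed on the XP box and is run elevated) that audits the state of the "Prevent access to 16-bit applications" policy, inventories the DOS/Win16 programs currently running inside ntvdm.exe so you can see what the workaround will break, and then applies the policy with -WhatIf. The registry path and the VDMDisallowed value name are assumptions taken from the Microsoft policy, not values given on this page.

```powershell
# Added example, not from the article or any commenter. Audits and (optionally)
# applies the "Prevent access to 16-bit applications" policy used as the
# workaround for this bug. Assumption: the policy is stored as the registry
# DWORD VDMDisallowed under the key below. Run in an elevated session.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$PolicyName = 'VDMDisallowed'

function Test-NtvdmPresent {
    # 64-bit Windows ships no ntvdm.exe at all, so there is nothing to disable there.
    Test-Path (Join-Path $env:windir 'System32\ntvdm.exe')
}

function Get-NtvdmPolicyState {
    # 'Blocked' when the policy already prevents 16-bit code from starting, else 'Allowed'.
    $value = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue).$PolicyName
    if ($value -eq 1) { 'Blocked' } else { 'Allowed' }
}

function Get-RunningNtvdm {
    # Every live ntvdm.exe is a DOS or Win16 program (old installers included) that the
    # policy will stop from launching next time, so this is the "what will break" inventory.
    Get-WmiObject Win32_Process -Filter "Name='ntvdm.exe'" |
        Select-Object ProcessId, CommandLine, @{n='Owner'; e={ $_.GetOwner().User }}
}

function Set-NtvdmBlocked {
    # Writes the policy value; -WhatIf shows the change without applying it.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param()
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$PolicyName", 'set to 1')) {
        Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 1 -Type DWord
    }
}

# Usage: review first, then apply.
if (-not (Test-NtvdmPresent)) {
    Write-Host 'No ntvdm.exe on this host (64-bit Windows): nothing to do.'
} else {
    Write-Host "16-bit application policy: $(Get-NtvdmPolicyState)"
    Write-Host 'Currently running 16-bit/DOS programs:'
    Get-RunningNtvdm | Format-Table -AutoSize
    Set-NtvdmBlocked -WhatIf   # drop -WhatIf once the inventory above is acceptable
}
```

    Applying the value does not terminate ntvdm.exe instances that are already running; it stops new ones from starting, which is why the inventory step comes first. Removing the value (or setting it to 0) restores 16-bit support if an installer turns out to need it.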

  11. amanfromMars 1 Silver badge

    Worse than Feared or Better than XPected is a Subjective Semantic Call in MetaDataBase Circles

    "Developers don't control their software anymore" .....The Fuzzy Wotnot Posted Wednesday 20th January 2010 06:04 GMT

    The Fuzzy wotnot,

    QuITe Obviously Some, and if they are into Network InterNetworking that may be More than just a Few, are able to Control IT, Developers Software, Remotely, with Escalating Elevated Privileges Enabling Rogue Phantom Pirate TakeOver of Kernel Properties with Revisioned Intellectual Protocols Enabling SMART Access to Programs/Projects.

    Now whether you See/C that as a Malignant Cancer for yourself or a Benign Cure for Systems in the Community, would depend entirely upon what you would be Actively Currently Engaged in Protecting and Promoting/Pimping and Pumping.

    And quite Who and/or What would be Some and/or More than just a Few, is a Key Riddle, wrapped in a Magical Mystery, inside an Enigmatic Colossus and ITs Turing Virtual Machinery CodeXSSXXXX? And Shared as a Question because who Knows, whenever the Unknown is not Known and whenever the What We may Learn and would then Know about the Whomever Today, Changes the Questions for Tomorrow.

    And it is Naive to Not Imagine that All Systems and Browsers in Operation are similarly Vulnerable IntelAIgent Proxies.

  12. Mage Silver badge
    FAIL

    Not used Much?

    I've loads of old SW I can't replace that is either DOS or Win16.

    Some cases there is no replacement.

    Others I can't afford an upgrade. My Win16 Adobe Première Video Editing still works on XP.

    For real DOS apps, there's DOSbox, http://www.dosbox.com/ - ARM and x86 versions, so there should be an x64 version too. No idea what security issues though. Since DOSBox is an emulated system and doesn't switch the CPU to real mode, it should work on WOW64 on x64 Windows.

    Windows 0.73 Win32 installer

    Gentoo Linux 0.73 portage

    Source 0.73 Source

    Mac OS X 0.73 dmg (Universal)

    Solaris 10 - sparc 0.73 pkg

    FreeBSD package 0.72 TBZ

    Fedora Core 0.72 rpm

    OS/2 0.72 exe (OS2)

    BeOS 0.63 binary (x86)

    Risc OS 0.63 zip

    TBH for regular users I can't see the point of x64. It always uses more RAM to do the same thing and runs 32-bit software slower. Unless you are running an 8GByte RAM weather simulator or a stupidly written game, why would a single app need more than 512M, never mind more than 2G (the normal win32 limit per app, though 3G is possible)?

    1. Anonymous Coward
      Anonymous Coward

      64 bit win

      Dosbox works fine on my Vista 64 bit. I also don't have a problem with speed of 32bit apps. As for RAM, I've got 4Gigs, it doesn't cost that much these days.

      As for the legacy stuff you want to run, maybe a VM would work?

    2. Nigel 11
      Boffin

      Reasons for x64

      The point of x64 is that a single process (or application) can utilize more than 2Gbytes of virtual address space. In certain types of application it is possible that >2Gb of VA space can be mapped onto less than 1Gb of physical RAM without the system paging itself into catatonia. So it can occasionally make sense to run x64 on a system with 1Gb RAM, and it almost always makes sense if the system has 4Gb.

      Another reason is if you are developing 64-bit applications on a smaller box. They don't ever allocate >2Gb in your development environment, but let them onto the big iron with a heavier load or model, and they will then.

      A third reason is if you run VMware player and *ever* want to boot a 64-bit guest O/S. Incidentally, VMware itself takes advantage of certain VM support available only in x64 mode, and allegedly runs faster on x64. (I've not tested this assertion).

      4Gb systems are only one step up from the sensible default these days, and are probably set to become standard pretty soon.

  13. Andrew Bolton
    Pint

    17 year old bug is not surprising...

    ... if it was from code written 17 days ago, I'd be more worried, frankly. The headline seems to imply we should be greatly surprised that the bug has existed this long. I doubt very much if there is incentive to go back and security-check 17 year old code. I'd prefer they devote time to audit any new code written.

    Where's the mountain out of a molehill icon? I'll just go with beer. I like beer.

    1. ElReg!comments!Pierre

      Not 17 yo... 17 years lasting.

      The worrying part is that it's been carried on until now. In all non-64-bit versions. Jumping the one and a half alleged complete codebase overhauls. Surely it says a lot about MS testing practices?

  14. jon 72
    Linux

    Thank you for calling tech support

    Apologies for the delay.. Tech Support was playing with their Penguin...

    Normally I would not bother with such a tedious comment from a disgruntled windows user but today is different, it's snowing again and they really are playing with the inflatable penguin.

    1. Mark Eaton-Park
      Linux

      Where can I get an inflatable penguin?

      Wah, I wanna inflatable penguin too

  15. Mage Silver badge
    Alert

    Actually...

    I have a copy of Win 3.1 (not the rather better WFWG3.11 with Win32s etc ) running in DOSbox. Takes seconds to boot. :)

    I have an old 160MHz 486 with real WFWG3.11 and a PIII 450MHz laptop multiboot WFWG3.11, Win98, Win2K and Ubuntu.

  16. Andy Enderby 1

    well, well, well.....

    I think this supports the old descriptions of Windows as a 32-bit extension to a 16-bit kludge that used to sit on an 8-bit OS, and as much as anything demonstrates the need for MS to quit dicking around and start designing their products, rather than allowing them to evolve as a near-biological entity. When was the last time the huge mound of legacy code recycled into currently supported products was actually audited in the context of where it is being used in XP/Vista/7, rather than where it was originally deployed?

    Instead of pushing out the next version of code and having it stated by marketing folks that it's "new from the ground up", as has been the case with Vista and 7, how about it being literally true next time, eh? Designed on solid engineering practices, rather than recycling the same mistakes that have blighted the product line's history. The marketing dweebs may even have something to base their attack pieces on other than FUD. Right now though, I strongly suspect that most will be happy if they simply fix the problem immediately at hand.

    @Trixr - strongly agree.

    1. Eddie Edwards
      Pirate

      Quite

      "I think this supports the old descriptions of Windows as a 32-bit extension to a 16-bit kludge, that used to sit on an 8-bit OS, and as much as anything demonstrates the need for MS to quit dicking around and start designing their products"

      Yes, Microsoft should definitely abandon their DOS-evolved systems and rewrite the kernel from scratch, possibly using some of those clever VMS guys.

      Oh wait, they did.

      1995 called. They want their anti-Microsoft rant back.

    2. Anonymous Coward
      Anonymous Coward

      Windows NT isn't Windows 3.1 etc

      Windows NT is a separate codebase, entirely written from scratch; it was even initially written on non-i386 machines in order to make sure that no old machine code could be included (mainly to ensure portability). The 16-bit support is included in Windows by means of a separate execution subsystem, known as wowexec. This old cack about Windows being built on the old 16-bit DOS/Windows code comes from people not understanding the difference between Windows NT and the DOS/Windows 3.1->Me OSes. They are totally different.

      It should also be noted that UNIX, Mac OS, Linux and any OS you care to mention has a large amount of legacy code. Hell, even zOS still uses HASP to print - the Houston Automated Spooling Program, developed by NASA for the moon landings. Old code is not by definition bad code, often it is of much higher quality than new code.

    3. Anonymous Coward
      FAIL

      do you even know...

      what NTVDM and WOWEXEC are? Judging by your (it's all 16-bit underneath) rant I'm guessing you haven't got a clue.

      They provide the backwards compatibility BECAUSE it isn't 16-bit underneath (unlike Win95 , ME etc). They effectively provide a virtual machine to run DOS apps in, a sort of virtual DOS machine, running on NT, an NT virtual dos machine, NTVDM - geddit.

      FYI the WOW is Windows (16) on Windows (32), which adds the graphical layer (like Win95 did to DOS).

  17. Anonymous Coward
    Anonymous Coward

    Struth

    Yet again Microsoft pwns itself by continuing to support manky old apps. 16 bit apps no less. "because businesses need them"

    Cry me a river. Christ why don't we all just go back to 8 bit while we're at it?

    If you want to run 16bit apps get your ass back to Windows 95 and let the rest of us concentrate on running code that was written this century.

  18. Daniel 1
    Joke

    There are so many ways of escalating privileges on Windows systems

    Most IT professionals rely on them to subvert the restrictions visited on them by their IT centres. Please don't disable them, or we'll have to find new ones.

    Everyone likes to point the finger at the people in Windows Division and call them out (as if any of us think that 50 layers of dependencies and multiple circular dependencies would be a doddle to fix), but the real reason most of the IT industry isn't actively clamouring for Linux workstations is that it would become possible for any spotty sysadmin in some distant call centre to lock down our machines and prevent us getting anything done. If you've become really quite good at fixing leaky, dangerous, unreliable machinery with dodgy electrics, you might secretly buy Japanese yourself, but you'll still tell everyone else to keep "buying British", won't you?

    1. mumm-ra
      Paris Hilton

      Good point, well made..

      ...and a big grain of truth in it.

      I'm just happy that I have root on my own work desktop, and our IT guys aren't arses. Most of them are tolerable people that you could stand being in a room with, and in general, they do a great job. Even the people who look after the Windows users are friendly and nearly sane. Result, I feel :)

      (Sorry, that was a bit smug, wasn't it? Daniel 1 was pretty on the money though, in the general case)

  19. Watashi

    Google point-scoring?

    "Regrettably, no official patch is currently available," he wrote. "As an effective and easy to deploy workaround is available, I have concluded that it is in the best interest of users to go ahead with the publication of this document without an official patch."

    Has anyone told MS? It is not uncommon for an IT issue where I work to be raised through senior management, rather than through the helpdesk, by frustrated staff whose systems don't work. When asked why we haven't yet fixed the issue we have to explain that we can't fix problems that we don't know about.

    To balance things up a little, I see that Google has just added free Avast AntiVirus to their Google recommended software Pack. Last week MS beta AV software spotted a threat on my PC that Avast has missed for the last two years. Can anyone see Google suggesting people use MS free antivirus even if it is better than other free products?

    1. Daniel 1

      RE: Google point-scoring?

      Watashi asks:

      "Has anyone told MS?"

      However, the very article itself contains the line:

      "He (Ormandy) said he informed Microsoft security employees of the vulnerability in June."

      Now, admittedly, reading all the way down to the third from last paragraph of a story before hitting "comment" is a bit much, for some commenters to The Register - but unless you meant "has anyone told Marks & Spencers?", then the answer to your question appears to be enclosed in the original text, and appears to be a "yes".

  20. Version 1.0 Silver badge
    Grenade

    Windows vs Linux vs Windows vs Linux

    Please - can we start shooting some of these people?

    1. John 211
      Thumb Up

      why only some?


  21. Neal 5

    Plagued by proof of concept

    OK, I give up, which one is it then?

    Proof of concept or plagued?

    Proof of concept means plagued now, does it? Fuck, I've gotta buy one of those goddamned fucking Yankee dictionaries.

    Next thing I'll know is that athlete's foot is something you get from watching athletes.

  22. Bilgepipe
    Linux

    They don't like it up 'em

    The Windows apologists, ever ready on the trigger to abuse users of other OSes, really don't like people giving them a few home truths, do they? Heaven forfend they admit the shortcomings of their system of choice or the rambling, inept dinosaur that produces it. Wahh, SSH has a bug too, waahhh.

    Keep it up, Penguin people!

  23. EvilGav 1

    To all the haters . . .

    . . . who are intent on continually stating that "this shows Linux/OS of choice is better", "shoddy Windows" and so on.

    It's taken 17 years for this vulnerability to be found.

    Doesn't it strike you that, if the vulns being pointed out are in 17 year old code, the *new* code is maybe not so bad?

    1. matt 83
      FAIL

      "17 years to be found"

      No, it has taken 17 years for this vulnerability to be made public. Who knows how many people have been using this before now.

    2. Anonymous Coward
      Anonymous Coward

      New code old code, all the same to me

      "Doesn't it strike you that, if the vulns being pointed out are in 17 year old code, the *new* code is maybe not so bad?"

      Not really. Vulns are found in their new code every other day so it seems.

      The two things that do strike me though are that MS doesn't seem to have learnt much about secure coding in the last 17 years, and what is a 17 year old bit of code that is used by 16-bit DOS applications still doing in Windows 7!?

    3. Anonymous Coward
      FAIL

      @evilgav

      "Doesn't it strike you that, if the vulns being pointed out are in 17 year old code, the *new* code is maybe not so bad?"

      Why would that follow? The Windows NT codebase is tiny compared to Win7 yet they still didn't find this bug (and hadn't after 17 years - what does that tell you about their testing). What makes you think they'll find serious bugs in a codebase 10 times the size?

    4. Anonymous Coward
      Black Helicopters

      Unknown to the wider world..

      .. but who knows how many people know, but are not letting on that they know! Microsoft, maybe? CIA black hats? Chinese whatever?

      We just don't know, and probably never will, such is the way with closed systems.

    5. Paul RND*1000
      Coffee/keyboard

      2 minute^W^W 17 year hate

      "It's taken 17 years for this vulnerability to be found."

      You forgot the punchline - "... by someone who wanted Microsoft to fix it. Which they still haven't done after, oh, like half a year. But what's half a year compared to 17 years really?"

      "Doesn't it strike you that, if the vulns being pointed out are in 17 year old code, the *new* code is maybe not so bad?"

      That's the best laugh I've had all week!

      More likely people were too busy pointing out or exploiting the many, many, many flaws in the newer code to notice a gaping hole in some mostly pointless prehistoric subsystem.

  24. Anonymous Coward
    Anonymous Coward

    "ALL" versions?

    "The exploit has been tested on all versions of Windows except for 3.1."

    I'm surprised they tested it on Windows 1 and 2 before bothering with 3.1, which has a much bigger user base.

  25. Anonymous Coward
    Anonymous Coward

    Jesus people...

    Let's not get up our own arses with 'My computer's operating system is better than yours' crap. It's supposed to be a news site, not a cock-waving forum.

    1. No, I will not fix your computer

      Irrelevant

      Betamax owner : "My technology is much better than yours"

      VHS owner : "Whatever, VHS is far more popular and has more films available"

    With a 2% market share Linux is in the same place as Betamax. FLAC is better than MP3, SACD is better than CD, etc. etc.; better doesn't mean more popular.

  26. adnim

    @AC: Jesus people

    I bet my cock's bigger than yours ;-)

    1. Anonymous Coward
      Headmaster

      Really?

      Snigger....

  27. NogginTheNog
    Unhappy

    Bedtime soon?

    Can all the children bickering about how much better 'their' operating system is (like it's yours anyway, like any of you ever actually contributed any code to any of them, in fact how many of you never even paid for them?) please go away and watch CBeebies or Nick Junior until your mum tells you to get your jammies on and get to bed?

    Then perhaps the adults can just get on with reading a grown up website with a grown up comment section.

    1. James Hughes 1

      All very well...

      But since when do grown up websites have to put up with adults who call themselves NogginTheNog?

    2. Anonymous Coward
      Coat

      Grown-up web site?

      The British Medical Journal? The Gruaniad? What is this website that you're alluding to, you fiend?

  28. Robert Carnegie Silver badge

    Anyone know a lightweight 32-bit spreadsheet then?

    I have a Windows PC with limited memory, and I've been using As-Easy-As (abandonware) to log Internet quota use. I'm pretty sure it's a 16-bit Windows version.

    This vulnerability seems to be about escalating from the local user's privileges to administrator rights - which is generally unauthorised access, but not from malweb coming through the browser (for me, Opera), unless malicious web content has another way to sneak onto your PC. Another hole in the system. Which would be bad by itself.

    Is it possible to disable these features for particular user accounts? Sandbox the browser? Or better, sandbag it. Of course I can run a Windows application as not my main user...

  29. Anonymous Coward
    Coat

    oh ffs....

    get a grip people......

    This so called vulnerability has been in existence for 17 years..... I assume as it was hidden for 17 years that it hasn't been exploited? Well now it's public it very soon will be....

    The fact it has been unknown for so long, in my eyes, means diddly squat. It's been found now; it's how it's dealt with from this point on that is important. OK, so Microsoft may have known about it for a while, but there are still not mass outbreaks of computers screwed over from this hole, so maybe they are correct in thinking it's not something that needs immediate attention.

    It makes me laugh that Windows 7 is not affected.... it reminds me of a security issue with Windows XP that was brought to light a week before SP2 was released.... it would only be fixed by SP2 and SP2 would only install on properly licensed versions of Windows (for a week or two anyway)...

    I suspect Microsoft will recommend the fix will be to upgrade to Windows 7.....

    Microsoft knows a lot more about producing an OS than I do, and probably most of you lot reading this. Windows did not become the standard desktop OS for no reason. Maybe a few dirty tricks here and there but I dare any of you to say given the opportunity you would have done things much different....

    Windows is good for what it is.... a desktop for the masses, Linux has a long way to go to be able to challenge this. The average Joe Blogs does not have the skills needed to get a Linux distro up and running compared to a windows install. Apple computers are good if you want style over function and have money to waste,

    Linux had the perfect opportunity to take over the market place on netbooks, but Joe Blogs public spoke and would sooner buy a Windows based netbook than a Linux flavoured one. Why? Because it works. My Linux Aspire One was soon upgraded (some say downgraded) to Windows to make it more functional for me as a photographer.... a lot less hassle to get my pictures from my Nikon to a computer to email to the news desk than to arse about with GIMP....

    Mines the one with a flame proof lining...

    1. Anonymous Coward
      Anonymous Coward

      This title thing is getting to be a pissflap....

      "but I dare any of you to say given the opportunity you would have done things much different...."

      I sure as hell would have! Christ on a bike! I have ethics some way above that of a total shitbag breadhead, thanks just the same.

  30. Anonymous Coward
    Anonymous Coward

    @anon coward

    "I assume as it was hidden for 17 years that it hasn't been exploited?"

    Yes, because obviously black hats publish their findings in public forums.

    It would only take 1 other person with malicious intent to have found this in that whole 17 years for a tool to be produced that exploited this. You can't prove a negative - you can't prove no one has written one.

    1. Anonymous Coward
      WTF?

      @ Boltar

      So if it was around all the black hat forums for up to 17 years, and not one of them exploited it in a malicious way, then I assume the vulnerability is either too hard to make any use of in the real world or they were saving it up for something special...

  31. Jimbob 3
    Thumb Down

    So says Google

    "according to this writeup penned by Tavis Ormandy of Google"

    Ahhh I see now. Google saying Microsoft has poor security.

    Nothing wrong with that because they are right on some levels, just slants the viewpoint of the article that is all.

  32. John F***ing Stepp

    Is this even a Linux / Windows issue?

    Just wondering because I have recently gone over to the dork side (Debian) on my laptop.

    "I see dead zombies in the pipe; and sometimes they don't even know they are geeky."

  33. Anonymous Coward
    Anonymous Coward

    This info may help newbies BUT be CAREFUL !

    This will help those that want to do what is suggested in the article and turn off WOWEXEC and MS-DOS. Just a point to amateurs: don't mess around with the Registry or you could lose access to your computer and everything on it! Unless you know what you are doing, don't do it.

    http://support.microsoft.com/kb/220159
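    The KB article linked above describes the per-machine policy that blocks the 16-bit subsystem. As an added example (not from the article, the comment thread, or Microsoft), here is a PowerShell script that reports whether that policy is in force and, only if asked to, sets it. It assumes the policy is the DWORD value VDMDisallowed = 1 under HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat, which is the "Prevent access to 16-bit applications" Group Policy setting; confirm that against the KB before relying on it, and run it as Administrator if you use the -Enforce switch. It also notes when the machine is 64-bit, where there is no NTVDM to disable.

```powershell
# Added example, not from the article or the linked KB.
# Reports (and with -Enforce, sets) the policy that prevents 16-bit
# applications from starting on 32-bit Windows.
# ASSUMPTION: the policy is HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat,
#             DWORD VDMDisallowed = 1 ("Prevent access to 16-bit applications").
param(
    [switch]$Enforce   # without -Enforce the script only reports
)

$PolicyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$PolicyValue = 'VDMDisallowed'

function Get-NtvdmPolicyState {
    # Returns 'absent', 'allowed' or 'disabled' based on the policy value.
    if (-not (Test-Path $PolicyPath)) { return 'absent' }
    $item = Get-ItemProperty -Path $PolicyPath -Name $PolicyValue -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'absent' }
    if ($item.$PolicyValue -eq 1) { return 'disabled' }
    return 'allowed'
}

function Test-Is64BitWindows {
    # Works on old PowerShell too: a 64-bit OS sets one of these
    # environment variables to a non-x86 architecture.
    return ($env:PROCESSOR_ARCHITECTURE -ne 'x86') -or
           ($null -ne $env:PROCESSOR_ARCHITEW6432)
}

if (Test-Is64BitWindows) {
    Write-Host 'This is 64-bit Windows: NTVDM is not present, nothing to disable.'
    return
}

$ntvdm = Join-Path $env:SystemRoot 'System32\ntvdm.exe'
Write-Host ("ntvdm.exe present: {0}" -f (Test-Path $ntvdm))
Write-Host ("16-bit application policy: {0}" -f (Get-NtvdmPolicyState))

if ($Enforce) {
    # Creates the policy key if missing, then sets the DWORD.
    # Requires an elevated (Administrator) session.
    New-Item -Path $PolicyPath -Force | Out-Null
    Set-ItemProperty -Path $PolicyPath -Name $PolicyValue -Value 1 -Type DWord
    Write-Host ("Policy now: {0}" -f (Get-NtvdmPolicyState))
}
```

    Run it without arguments first to see the current state; the bit that changes the Registry only runs with -Enforce, which is the part the comment above warns about. Installers that still need the 16-bit subsystem (as mentioned in the first comment on this story) will stop working once the policy is set, so test on one machine before rolling it out.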

  34. John Smith 19 Gold badge
    Thumb Down

    17 years to find, but *no* black hat ever found it

    Does this sound plausible?

    Just hypothetically, would it be an idea that the *longer* a software component stays in an OS, the *more* it should be checked?

  35. John F***ing Stepp

    A tale of two computers.

    Well three, actually.

    I ran xp sp1 for some years on my (very old) laptop; no antivirus but some half way decent hacks.

    It finally got three trojans (which caught my attention.)

    My wife (barefoot and on dialup) runs 2000; she got four trojans; one of which was a keylogger.

    Good-bye Outlook Express.

    (in retrospect I should have removed that when I installed the OS.)

    I have a friend who I fixed a computer for; he was pwoned within a week. I am still working that out in my mind. HOW IN THE HELL DID THAT HAPPEN?

    In the years since I started in this field, on an Amiga, in the 80s (and Amiga viri were cool) I have found that nothing is safe; nothing at all is safe. Yes, I know how to make it safe, write the OS to a CD and Boot new every time.

    Just another way of working without a net.

    (heh)

  36. nick 30

    Maximum addressable memory

    The Pentium introduced 36-bit addressable memory, giving up to 64 gig of RAM. The 3 gig limit in 32-bit XP is an MS-created limit for old legacy driver support and because of a small performance hit.

    1. Anonymous Coward
      Stop

      PAE

      Since we are so knowledgeable, please enlighten us thickies as to why a 32-bit OS (W2000 / Linux) needs to run PAE to achieve 8 GiB of addressable RAM? I know it is something to do with a 36-bit addressing fudge.

  37. John Smith 19 Gold badge
    Coat

    Just for the record here is what a CMM level 5 company should do

    Fix the bug.

    Work out the form of bug and check the code base to find any similar instances.

    Fix them.

    Identify the faults in their development process that let them in in the first place.

    Fix the process.

    Mine's the one with the old IBM J of Systems reprints in the pocket.
