A Google engineer discovered a loophole dating from 1993 or Windows NT...

In a security bulletin released January 20, Microsoft confirmed the existence of a flaw in Windows 17 years old! A flaw found in the nucleus of 32-bit system which, if exploited, allows a hacker to take control of a computer. This is the VDM subsystem (Windows Virtual DOS Machine) which is part of Windows NT since version released in 1993 is concerned. This is an emulator for 16-bit applications to be launched on 32-bit systems.

This vulnerability was exposed as well as report to Microsoft all the way through by one of Google engineers, Tavis Ormandy. Encouraging, Microsoft alleged that it was less vital than the Internet Explorer vulnerability revealed lately. Indeed, the person wishing to make use of it must unavoidably have a local access on the machine he wants to attack, so it must have a valid account. So whichever attack exploiting this vulnerability has been reported today.

Prudent, Microsoft has still posted a small software that allows easily disable the function NTVDM, he advises to pending publication of a fix in the coming days.

Name: windows-nt.jpg Views: 15 Size: 12.6 KB