I knew things moved quicker in the world of open source

[elija]

but can this be a record? Microsoft confirms 17-year-old Windows bug

[Bemk]

but can this be a record? Microsoft confirms 17-year-old Windows bug

Wow, that bug is about the same age as I am. That took long to fix!!!

[jayd512]

Jeez...
Really on the ball, aren't they!

[fguy64]

Wow, that bug is about the same age as I am. That took long to fix!!!

Long to find is more like it. All kinds of really bright people devote all kinds of time to finding Microsoft bugs. This one must be pretty obscure if it escaped everyone's attention for this long.

[Bemk]

Long to find is more like it. All kinds of really bright people devote all kinds of time to finding Microsoft bugs. This one must be pretty obscure if it escaped everyone's attention for this long.

I think it wasn't really some one would bother to look at, because it has to do with the Virtual8086 mode on the CPU.

I don't want to spoil the fun here, but the same man discovered this one:

NEOHAPSIS - Peace of Mind Through Integrity and Insight

--------------------
Affected Software
------------------------

All Linux 2.4/2.6 versions since May 2001 are believed to be affected:

- Linux 2.4, from 2.4.4 up to and including 2.4.37.4
- Linux 2.6, from 2.6.0 up to and including 2.6.30.4

There already is a patch, but still.

This one isn't such a dramatic safety breach though.

[fguy64]

I think it wasn't really some one would bother to look at, because it has to do with the Virtual8086 mode on the CPU.

...

Virtual 8086 mode, isn't that that what you use when you run a DOS program in a command prompt window? Such as the old QBasic? I have a couple of older relatives who do just that.

thanks.

[Bemk]

Virtual 8086 mode, isn't that that what you use when you run a DOS program in a command prompt window? Such as the old QBasic? I have a couple of older relatives who do just that.

thanks.

Yes.

The CPU has several states it can be in. The system starts in 16bit real mode, and can switch to 32 bit mode quite easily. It can also implement memory protection when in 32 bit mode, and that's when we say the system is in 32bit Protected mode. However, there are applications that rely on the real mode configuration, and to be able to continue to use those , the engineers at Intel came up with the Virtual 8086 mode, which allows a single process to be in real mode, while not disturbing the whole system. The catch here is that real mode lacks the protection from PM, which enables system security.

Needless to say then, this mode must be handled with very high caution, as it is quite easy to implement mall ware in this mode.

[fguy64]

A significant aspect of the flaw seems to be the following

To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said in an e-mail.

That seems to make the risk very very remote would you agree? It's not clear to me if a hacker could obtain said credentials if they weren't explicitly given?

[Bemk]

A significant aspect of the flaw seems to be the following

To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said in an e-mail.

That seems to make the risk very very remote would you agree? It's not clear to me if a hacker could obtain said credentials if they weren't explicitly given?

Now I'm on a network using an active directory, and I have a virus that exploits this spreading through it. Some one gave it it's password because it faked a locked system, now what?

[jayd512]

Now I'm on a network using an active directory, and I have a virus that exploits this spreading through it. Some one gave it it's password because it faked a locked system, now what?

Social Engineering at its finest, eh?