Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 15
but can this be a record? Microsoft confirms 17-year-old Windows bug...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,296

    I knew things moved quicker in the world of open source


    but can this be a record? Microsoft confirms 17-year-old Windows bug
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    Conkybots: Interactive plugins for your Conkys!

  2. #2
    Linux Enthusiast Bemk's Avatar
    Join Date
    Sep 2008
    Location
    Oosterhout-NB, Netherlands
    Posts
    525
    Quote Originally Posted by elija View Post
    Wow, that bug is about the same age as I am. That took long to fix!!!

  3. #3
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    Jeez...
    Really on the ball, aren't they!
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  4. #4
    Just Joined! fguy64's Avatar
    Join Date
    Aug 2009
    Posts
    87
    Quote Originally Posted by Bemk View Post
    Wow, that bug is about the same age as I am. That took long to fix!!!
    Long to find is more like it. All kinds of really bright people devote all kinds of time to finding Microsoft bugs. This one must be pretty obscure if it escaped everyone's attention for this long.

  5. #5
    Linux Enthusiast Bemk's Avatar
    Join Date
    Sep 2008
    Location
    Oosterhout-NB, Netherlands
    Posts
    525
    Quote Originally Posted by fguy64 View Post
    Long to find is more like it. All kinds of really bright people devote all kinds of time to finding Microsoft bugs. This one must be pretty obscure if it escaped everyone's attention for this long.
    I think it wasn't really some one would bother to look at, because it has to do with the Virtual8086 mode on the CPU.

    I don't want to spoil the fun here, but the same man discovered this one:

    NEOHAPSIS - Peace of Mind Through Integrity and Insight

    --------------------
    Affected Software
    ------------------------

    All Linux 2.4/2.6 versions since May 2001 are believed to be affected:

    - Linux 2.4, from 2.4.4 up to and including 2.4.37.4
    - Linux 2.6, from 2.6.0 up to and including 2.6.30.4
    There already is a patch, but still.

    This one isn't such a dramatic safety breach though.

  6. #6
    Just Joined! fguy64's Avatar
    Join Date
    Aug 2009
    Posts
    87
    Quote Originally Posted by Bemk View Post
    I think it wasn't really some one would bother to look at, because it has to do with the Virtual8086 mode on the CPU.

    ...
    Virtual 8086 mode, isn't that that what you use when you run a DOS program in a command prompt window? Such as the old QBasic? I have a couple of older relatives who do just that.

    thanks.

  7. #7
    Linux Enthusiast Bemk's Avatar
    Join Date
    Sep 2008
    Location
    Oosterhout-NB, Netherlands
    Posts
    525
    Quote Originally Posted by fguy64 View Post
    Virtual 8086 mode, isn't that that what you use when you run a DOS program in a command prompt window? Such as the old QBasic? I have a couple of older relatives who do just that.

    thanks.
    Yes.

    The CPU has several states it can be in. The system starts in 16bit real mode, and can switch to 32 bit mode quite easily. It can also implement memory protection when in 32 bit mode, and that's when we say the system is in 32bit Protected mode. However, there are applications that rely on the real mode configuration, and to be able to continue to use those , the engineers at Intel came up with the Virtual 8086 mode, which allows a single process to be in real mode, while not disturbing the whole system. The catch here is that real mode lacks the protection from PM, which enables system security.

    Needless to say then, this mode must be handled with very high caution, as it is quite easy to implement mall ware in this mode.

  8. #8
    Just Joined! fguy64's Avatar
    Join Date
    Aug 2009
    Posts
    87
    A significant aspect of the flaw seems to be the following

    To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said in an e-mail.

    That seems to make the risk very very remote would you agree? It's not clear to me if a hacker could obtain said credentials if they weren't explicitly given?

  9. #9
    Linux Enthusiast Bemk's Avatar
    Join Date
    Sep 2008
    Location
    Oosterhout-NB, Netherlands
    Posts
    525
    Quote Originally Posted by fguy64 View Post
    A significant aspect of the flaw seems to be the following

    To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system," Bryant said in an e-mail.

    That seems to make the risk very very remote would you agree? It's not clear to me if a hacker could obtain said credentials if they weren't explicitly given?
    Now I'm on a network using an active directory, and I have a virus that exploits this spreading through it. Some one gave it it's password because it faked a locked system, now what?

  10. #10
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    Quote Originally Posted by Bemk View Post
    Now I'm on a network using an active directory, and I have a virus that exploits this spreading through it. Some one gave it it's password because it faked a locked system, now what?
    Social Engineering at its finest, eh?
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •