Microsoft Confirms 17 Year-Old Bug in Windows

 
Software

Microsoft released a security advisory to acknowledge a flaw that affects every release of the Windows NT kernel, from Windows NT 3.1 up to and including Windows 7.

The flaw was first exposed by code released by Tavis Ormandy, a Google security researcher, who said that Microsoft was first notified about the issue back in June 2009, but after not seeing fixes and waiting several months he decided it was in the best interest of everyone to go public.

Windows_NT_3.1.png

Hackers with valid logon credentials could exploit this vulnerability to run arbitrary code in kernel mode, warned Microsoft. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Windows' 64-bit versions are not vulnerable to attack.

Ormandy affirmed that the vulnerability goes back nearly 17 years to Windows NT 3.1's released in 1993, and exists in every version of Windows including Windows 7 (released in 2009).

  • Share/Save

Comments

Surprise! You know what they say: "Better than never"

saif's picture
Submitted by saif on Fri, 22/01/2010 - 21:19.

I don't mean to sound like a smart-ass but I think you meant Better late than never. :)

Submitted by Daglees on Sun, 07/02/2010 - 23:40.

Could someone tell me what's the name of the bug please...

Submitted by Anonymous (not verified) on Fri, 12/02/2010 - 22:58.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • You may use [inline:xx] tags to display uploaded files or images inline.

More information about formatting options