back to article Windows plagued by 17-year-old privilege escalation bug

A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows. The vulnerability resides in a feature known as the …


This topic is closed for new posts.


  1. Anonymous Coward

    Ah but...

    Many installers require NTVDM to be enabled to run, especially older InstallShield ones.

    Disabling it isn't as problem-free as they make out :)

  2. gollux


    Here we go again! Shut down 16 bit application support.

  3. Captain Save-a-ho

    Reason to move to 64-bit Windows

    None of the 64-bit versions are vulnerable, as they don't have the 16-bit subsystems available...

    1. Don Buchholz

      disabling s/w installers not always bad ...

      I could get a certain BOFH-ish pleasure from doing this with some end-users. :-)

    2. Anonymous Coward
      Thumb Down

      Interesting logic

      ...or maybe a reason to finally give up on Windows and use an OS that is less shite?

  4. mittfh

    Other OSes are also available...

    ...which presumably are immune from this bug :)

    Having said that, Mandriva Updater finds security updates for various bits of my Mandriva 2010 box several times a week. So although there are hardly any viruses in the wild that exploit Linux systems (probably due to a combination of relatively low usage and a better security subsystem), evidently developers are continually finding (and fixing) security holes in the various components.

    Then again, the updates are usually very small in size, and are delivered as/when available, rather than several MB in size, collated together, then released once a month. And it's entirely up to you to initiate the downloads, unlike Windoze which downloads by default, unless you specifically ask it not to. Oh yes, then there's the joy of rebooting whenever any major update is installed :)

    I have to use Windoze at work, but at home, give me the penguin any day :)

    1. Trixr

      Oh, shut up

      Shall we talk about SSH and BIND exploits? No OS is immune to bugs. Sure, some are better than others, but none is -immune-.

      If you don't use Windows, then you've got nothing to worry about, then. So go away and play with your penguin, and let us discuss something that affects the rest of us.

      FWIW, I use Linux at home, and about 1/3 of our server fleet is Linux too. But sticking your head above the parapet to say "Blah blah blah Linux is best blah blah", when the topic is Windows, is bloody tedious in the extreme.

      1. Fran Taylor

        Poor examples

        bind is not even turned on by default in linux.

        ssh can be disabled with a single mouse click.

        Both of those exploits are blunted by SELinux anyway.

        Go ahead and try to disable a windows vulnerability this easily.

      2. Anonymous Coward

        You are rambling....

        SSH and BIND are *applications*, not OS's! They are in fact available to run on Windows.

        Get a grip, and stop lying about how much you use Linux.

      3. Anonymous Coward
        Anonymous Coward

        Me too...

        I use Windows, Unix and Linux at work and Windows and Linux at home, I hadn't kept up with updating my AA1/Fedora 12 laptop, after about four weeks it had more than 300 packages to be updated. It took more than four hours to crunch through them.

        When I was a sysadmin, I didn't want to have to drop what I was doing to check out an update to a system, unless I _really had to_. Larger less frequent updates are better, you only have to do one set of testing whereas with lots of little updates you have to test each one individually.

        1. SJB


          Yes well you will find that Fedora 12 has a lot of package updates during it's life cycle, this is because it's meand to be on the leading edge. If you don't like it you can use RHEL where most of the problems have been fixed. Or windows where it appears the problems haven't ...

      4. ajb673

        But this is the kernel

        But this is a kernel exploit, not 3rd party software. Yes there have been exploits in ssh and bind, but they've been fixed asap by the OSS community, and not dumped at the back of a very long queue by a corporate entity who at first denies the problem exists, then denies it's being exploited, then after 6-12 moths finally gets around to patching it, but then leaves it until the next patch day, rather than pushing the patch out asap.

        But anyway, you're clearly an MS fanboi, so there's no point using logic in an argument with you.

      5. Ocular Sinister

        If my memory serves me well...

        The SSH exploit affected windows too, assuming you had applications or services installed that used OpenSSH. Its one of those things that is kind of part of the OS, but isn't...

    2. phoenix


      So you never need to reboot Linux - oh yes you do (mostly when it's a desktop I 'll conceed). I use Debian ,windows and BSD and they all have their ifs and buts.

      MS tries to be all things to all men with backward compatibilty - must be a nightmare for a code maintainer. Afterall you could buy OSX which regularly drops support for your applications, forcing you to buy a massively inflated (in cost and bloat), newer version when it changes face. At the end of the day annoyance should be aimed at the cracking exploiters of these holes not at the companies and people trying to patch all the time.

      1. Keith Oldham

        Re : hmmm

        You never NEED to reboot Linux unless you install kernel/module updates. My desktops/laptops now boot so fast that they can be switched off

        My low-power file/print/allsortsserver, on the other hand, runs for months at a time.

        All running various versions of OpenSUSE

      2. Anonymous Coward

        @phoenix - Can't let that lie...

        "Afterall [sic] you could buy OSX which regularly drops support for your applications, forcing you to buy a massively inflated (in cost and bloat), newer version when it changes face."

        Not at all. Last upgrade was £25. Previous to that it was about £80. How much was a Windows upgrade? RRP of £99.99 for Home "Premium", whatever that is. Since there is only one SKU of OSX, a fair comparison would arguably be with the fully featured "Ultimate" edition at an RRP of £199.99! (source for both: Not that one is *forced* into upgrading at all. My Mum still uses Leopard on her Mini and my brother still uses Tiger on his 2004 iMac, both without problem. Admittedly some developers stop supporting previous versions, but that's up to them. When you get a new Mac OS, that is *all* you get. No 'bloat' at all. You are obviously referring to the iLife suite that comes with a new Apple computer. It's easily "uninstalled", just drag the apps to the trash and then empty! Done! Upgrades haven't regularly broken other apps either, well certainly less than Vista did when it was released and nothing that *greedy* software companies couldn't counter by releasing a patch. The extent was over-exaggerated. Interestingly enough small independent developers had no problem supporting the transition from 10.5 to 10.6, it was the greedy SOB's like Adobe that had "issues". In fact the CS3 range works fine, at least as well as it did before. Microsoft Office, perhaps ironically, had no problems at all!

        At the end of the day blatant fanboys shouldn't use use FUD and throw-up pointless, ill-informed and irrational arguments to try and deflect from the fact that their preferred OS has had a security flaw for 17 years.

        1. Anonymous Coward
          Anonymous Coward

          @ @phoenix

          The last update was indeed £25, the previous update was _and still is_ £85. As a PPC 10.4.11 customer who needs to upgrade, due to a critical app no longer working, if I want to take that £25 update I have to spend somewhere in the region of £1k to replace my current hardware or spend well over the odds upgrading to an old version of the OS. I have yet to hear of any other company who treats its customers with such contempt. Yes, drop support for old hardware, but don't keep the prices of updates to old OSes more than three times the price of the current OS.

          Anyway, as it turns out, the soultion was to install Fedora 12 for PPC. I very much doubt I'll be buying Apple again.

          1. Anonymous Coward
            Anonymous Coward

            @Fraser; Here we go...

            So spend the extra £60!!! The hardware change was announced in 2005, and completed Q1 2006. Snow Leopard was released Q3 2009, 3 and a half years later. Apple made it *very* clear that they were not going to support PPC forever. They often rightly get criticised for not being transparent, but with the switch over they were nothing but! In fact this switch over war less painful that the 68K to PPC switch over which seemed to happen over night! You had ample time to prepare. That doesn't necessarily mean that you had to buy a new Mac. It means you had 3.5 years at least look at alternatives, which you obviously have. I guess the fact that you switched to Linux mean you were talking shit about your supposed 'critical' app (ODFO!) when clearly cheaper or free alternatives were available! No-one puts a gun to your head and says "use OSX" or "Use Windows!". £85 is _still_ cheaper than the cost of an upgrade to Windows 7 Home Premium! Why should you be 'rewarded' for NOT upgrading to begin with?!

            1. Anonymous Coward
              Anonymous Coward


              Ok: Critical app is Mythtv Frontend, which as of 0.2.2-2 no longer works on 10.4.11, but does in 10.5.? or PPC linux. So no, I wasn't talking shit.

              I will state again: I am not aware of any other company that charges more for older versions of software than new. This is my beef, not that the machine is getting old, but that apple expect me to pay more than three times the cost of the current version of the OS for an older version.

            2. phoenix

              @ keith Oldham @ AC20/01 12:46 @ @Fraser

              @Keith - you are correct but that still means you have to reboot the OS I was not inferreing Linux required as many reboots as windows - of course not

              @AC and Fraser Please re-read my post:

              "Afterall you could buy OSX which regularly drops support for your APPLICATIONS, forcing you to buy a massively inflated (in cost and bloat), newer version when it changes face.

              I was not refering to the OS but the applications such as Photosohop CS4 which due to the Coccoa / Carbon fiasco still doesn't work on snow leopard unless things have changed. I am no expert but taking the processor architecture aside we had to buy quite a bit of new software for the alte versions of OSX.

              Personally I'm not too enamoured with any of the current OSs in desktop form. I wish Europe would get together look at the flaws in Linux / Unix and write a better OS than both of those because I think it is possible - any takers?

          2. Anonymous Coward

            You think you have problems..

            "As a PPC 10.4.11 customer who needs to upgrade, due to a critical app no longer working.."

            Stop complaining, you have it easy, Apple dropped support for my stone circle without warning me. The fricken' thing is HUGE, it was really expensive to install. I should have been given a longer grace period, giving me time to upgrade.

            Now I can no longer run the newest versions of Final Cut- just because *THEY* sold us out to the PEECEE nazi vampire liberals with their capitalist running whelk "x86" so-called "processors"!

            1. phoenix

              @20th January 2010 23:10 GMT

              Where's Mr Bryant when you need him he'll learn about how great the powerpc line is now as in not great. Take it up with your Uberman Jobs he made the jump.

        2. phoenix


          Pot calling the kettle black. I am no MS fanboy just making the point that a being a macality can cost you dearly. Anyway Apple's work was mostly done for them (as in brilliance, security and stablility) by the BSD crew so I'm not sure what mactards always crow about I guess in IT knowledge terms they are still on Peter and Jane books ;-)

      3. LawLessLessLaw

        uptime schmuptime

        OpenBSD - been serving from Apache for the longest time, currently

        1:00PM up 542 days, 37 mins, 2 users, load averages: 0.10, 0.15, 0.16

        I had to reboot it 542 days ago because I pulled the power cord by accident

        btw. privilege escalation is a design error, an all powerful Root / Administrator is not *required* in an OS. Archaic OSes will continue to be archaic. so Lunix / Windows FAIL

  5. adnim Silver badge

    Ignorance is bliss

    Why is it that security researchers and hackers can find hundreds of holes, flaws and exploits in MS software, yet the developers themselves and the security officials at MS always appear to be unaware of any flaws or attacks exploiting them?

    Tavis' report only hit full disclosure at around 7pm UK time, and as his report contains a link to "Possibly naive example code for triggering this condition". So I would imagine that Microsoft security officials will be aware of attacks targeting the flaw soon enough.

    Tavis informed MS on the 12-Jun-2009 about this flaw, so MS security officials have had over 6 months to look into and mitigate this risk. Please don't go providing excuses for their tardiness in this matter by stating they have the "potent Internet Explorer bug" to work on.

    If MS can afford the best lawyers to protect their patents from infringement and themselves from litigation they can afford to hire a greater number of security researchers and fully test their abominations before foisting them on the market place for beta testing.

    1. Anonymous Coward

      They can...

      ... but they won't. They don't really care about security; that's what you get with a commercial system. It's only money.

      OSS FTW!

    2. Russ Tarbox

      Probably because...

      ...they have a finite number of people working on the code and testing, whereas millions around the world get their hands on the product. It's the same reason that books and magazines go to print with typos, some electronic products have to be warranty repaired, etc etc. But because it's computer software, and Microsoft in particular, all hell breaks loose.

      1. Anonymous Coward
        Anonymous Coward

        Re: Probably because...

        "they have a finite number of people working on the code and testing, whereas millions around the world get their hands on the product."

        "millions" is not the opposite of "finite". It's just as finite as any other number you can write down.

      2. John Angelico

        but because...


        "But because it's computer software, and Microsoft in particular, all hell breaks loose"

        Well, it's because MS people at high levels keep making motherhood statements about security and top priority in the same sentence, and then go on about a quality assurance program, ad nauseum, followed by this kind of tardiness when the rubber hits the road, that the computing community becomes thoroughly jaded.

        They NEVER spend enough on quality, but they sure as hell spend heaps on lawyers, and after-market support.

        How come they can't grasp the financial impact of quality from the ground up? Corporate culture.

        And that's why all hell breaks loose whenever these revelations are leaked.

    3. Nigel 11

      This is why ...

      An anecdote. A rich man was once driving his Rolls-Royce through rural france when he hit an enormous pot-hole and horrible noises started coming from the car. At the next village garage, the mechanic diagnosed a failed rear axle and contacted Rolls-Royce. Their response was that they would be flying out a mechanic with the necessary spare parts and the car should be fixed by mid-day next.

      When the man returned from his travels, he did not receive an invoice. After some time, being an honest man, he contacted Rolls-Royce about the missing bill. Their reply was short.

      "Dear Sir

      "We have no record of the rear axle of a Rolls-Royce Silver Shadow ever having failed.

      "Yours Sincerely


      I suspect that Microsoft likewise prefers not to know of any un-fixed security-critical issues in their systems.

    4. Anonymous Coward
      Anonymous Coward


      You're mistaking the famous (and wildly successful) marketing and legal outfit "Microsoft" for a technology company, I fear.

  6. John Tserkezis

    @Ignorance is bliss

    Bugs and vulns are fixed on a priority basis. Once they get down to 30K bugs or so, it's done.

    Highly publicised vulns (even if they're relativley minor) are fixed earlier, because public perception is more important to the bottom dollar, than actual security.

  7. Henry Wertz 1 Gold badge

    Why not found and fixed sooner?

    "Why is it that security researchers and hackers can find hundreds of holes, flaws and exploits in MS software, yet the developers themselves and the security officials at MS always appear to be unaware of any flaws or attacks exploiting them?"

    I think it's BECAUSE it's closed source. I think Microsoft has used automated vulnerability scanners to find the obvious holes, but they are not going to be going over and over existing code to look for vulnerabilities, not as much as popular open source projects (for instance the Linux kernel.)

    The early dosemu vm86 support in Linux ALSO had security holes. One apparently involved using DPMI (DOS Protected Mode Interface), which 32-bit DOS apps used (and NTVDM also supports), going into DPMI mode and then dicking around with the memory management tables, you could (sound familiar?) map kernel memory space and read or modify the kernel. They first Linux kernels came out in late 1993, and they fixed this in early 2.1 series in 1996. So, about 14 years earlier.

    1. The Fuzzy Wotnot

      Developers don't control their software anymore

      Nope, it;'s ';cos software these days is developed by committees and marketers, not by developers! Developers write code, they make stuff happen, the marketers decide if software product X does ABC and hopw it does ABC and when, They decide if a small portion of time can be spared to allow the testers and develpers to check the code, Q&A is an afterthought because time is money for companies like MS and Apple. Apple has it slightly easier, they only have one fixed O./S and a limited hardware platform so they have less bugs, but even that fixed kit still has major problems.

      They way software is now, money,money, money. Even in OSS, to a lesser extent, but OSS still needs funding and to get that they still have to deliver the base O/S products by the date they said they would, else the funding may be cut.

      Sad but true.

    2. Anonymous Coward

      @ Henry...

      That is all.

  8. Christian Berger Silver badge

    Privilege escalation?

    How? I mean 99.9999% of all Windows users work as "Administrator" anyhow.

    If Win64 actually cannot run win16 applications it's no alternative either. Businesses depend on such applications to run.

    1. Entropy 1

      V for..


  9. TeeCee Gold badge


    "...tested on all versions of Windows except for 3.1."

    Er, do you mean NT 3.1 by any chance? You had me rather puzzled in a sort of "why would you want to?" sort of way for a while there. You also caused me to remember some things that are best left forgotten.....

  10. Forget It

    Call me dumb ...

    but how do I go about "disabling the MSDOS and WOWEXEC subsystems" on winXP-SP2 ?

    Yes I'm to dumb to follow the very grey instructions at

    1. Anonymous Coward

      and not forgetting

      NT 3.5 and 3.51 (aaaaaahh, happy days)..and NT4 of course.

  11. amanfromMars 1 Silver badge

    Worse than Feared or Better than XPected is a Subjective Semantic Call in MetaDataBase Circles

    "Developers don't control their software anymore" .....The Fuzzy Wotnot Posted Wednesday 20th January 2010 06:04 GMT

    The Fuzzy wotnot,

    QuITe Obviously Some, and if they are into Network InterNetworking that may be More than just a Few, are able to Control IT, Developers Software, Remotely, with Escalating Elevated Privileges Enabling Rogue Phantom Pirate TakeOver of Kernel Properties with Revisioned Intellectual Protocols Enabling SMART Access to Programs/Projects.

    Now whether you See/C that as a Malignant Cancer for yourself or a Benign Cure for Systems in the Community, would depend entirely upon what you would be Actively Currently Engaged in Protecting and Promoting/Pimping and Pumping.

    And quite Who and/or What would be Some and/or More than just a Few, is a Key Riddle, wrapped in a Magical Mystery, inside an Enigmatic Colossus and ITs Turing Virtual Machinery CodeXSSXXXX? And Shared as a Question because who Knows, whenever the Unknown is not Known and whenever the What We may Learn and would then Know about the Whomever Today, Changes the Questions for Tomorrow.

    And it is Naive to Not Imagine that All Systems and Browsers in Operation are similarly Vulnerable IntelAIgent Proxies.

  12. Mage Silver badge

    Not used Much?

    I've loads of old SW I can't replace that is either DOS or Win16.

    Some cases there is no replacement.

    Others I can't afford an upgrade. My Win16 Adobe Première Video Editing still works on XP.

    For really DOS apps, there's DOSbox, ARM and X86 versions, so there should be an x64 version too. No idea what security issues though. Since DosBox is a Emulated system and doesn't switch CPU to real mode, it should work on WOW64 on x64 Windows.

    Windows 0.73 Win32 installer

    Gentoo Linux 0.73 portage

    Source 0.73 Source

    Mac OS X 0.73 dmg (Universal)

    Solaris 10 - sparc 0.73 pkg

    FreeBSD package 0.72 TBZ

    Fedora Core 0.72 rpm

    OS/2 0.72 exe (OS2)

    BeOS 0.63 binary (x86)

    Risc OS 0.63 zip

    TBH for regular users I can't see the point of x64. It uses more RAM always, to do the same thing and runs 32bit software slower. Unless you are running 8GByte RAM weather Simulator or a stupidly written game why would a single app need more than 512M, never mind more than 2G (the normal win32 limit per app, though 3G is possible).

  13. Andrew Bolton

    17 year old bug is not surprising...

    ... if it was from code written 17 days ago, I'd be more worried, frankly. The headline seems to imply we should be greatly surprised that the bug has existed this long. I doubt very much if there is incentive to go back and security-check 17 year old code. I'd prefer they devote time to audit any new code written.

    Where's the mountain out of a molehill icon? I'll just go with beer. I like beer.

  14. jon 72

    Tankyou for calling tech support

    Apologies for the delay.. Tech Support was playing with their Pengiun...

    Normally I would not bother with such a tedious comment from a disgruntled windows user but today is different, it's snowing again and they really are playing with the inflatable penguin.

  15. Mage Silver badge


    I have a copy of Win 3.1 (not the rather better WFWG3.11 with Win32s etc ) running in DOSbox. Takes seconds to boot. :)

    I have an old 160MHz 486 with real WFWG3.11 and a PIII 450MHz laptop multiboot WFWG3.11, Win98, Win2K and Ubuntu.

    1. Anonymous Coward
      Anonymous Coward

      64 bit win

      Dosbox works fine on my Vista 64 bit. I also don't have a problem with speed of 32bit apps. As for RAM, I've got 4Gigs, it doesn't cost that much these days.

      As for the legacy stuff you want to run, maybe a VM would work?

    2. Nigel 11

      Reasons for x64

      The point of x64 is that a single process (or application) can utilize more than 2Gbytes of virtual address space. In certain types of application it is possible that >2Gb of VA space can be mapped onto less than 1Gb of physical RAM without the system paging itself into catatonia. So it can occasionally make sense to run x64 on a system with 1Gb RAM, and it almost always makes sense if the system has 4Gb.

      Another reason is if you are developing 64-bit applications on a smaller box. They don't ever allocate >2Gb in your development environment, but let them onto the big iron with a heavier load or model, and they will then.

      A third reason is if you run VMware player and *ever* want to boot a 64-bit guest O/S. Incidentally, VMware itself takes advantage of certain VM support available only in x64 mode, and allegedly runs faster on x64. (I've not tested this assertion).

      4Gb systems are only one step up from the sensible default these days, and are probably set to become standard pretty soon.

    3. Mark Eaton-Park

      Where can I get an inflatable penguin?

      Wah, I wanna inflatable penguin too

    4. ElReg!comments!Pierre Silver badge

      Not 17 yo... 17 years lasting.

      The worrying part is that it's been carried on until now. In all non-64 bits versions. Jumping the one and a half alleged complete codebase overhaul. Surely it says a lot about MS testing practices?


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019