Microsoft Finally To Patch 17-Year-Old Bug
Posted by timothy from the not-quite-barely-legal dept.
eldavojohn writes "Microsoft is due for a very large patch this month, in which five critical holes (that render Windows hijackable by an intruder) are due to be fixed, in addition to twenty other problems. The biggest change addresses a 17-year-old bug dating back to the days of DOS, discovered in January by their BFF Google. The patch should roll out February 9th."
Re:Nothing quite like a "timely" response (Score:5, Informative)
Um, no. The bug was introduced in Windows NT 3.1, and has remained in the NT line ever since. Windows 7 is very much still built on the NT codebase.
Re:Nothing quite like a "timely" response (Score:3, Informative)
This has, to my knowledge, nothing to do with the kernel. It's a bug in a program used to run older applications. It was only found to be a problem very recently. Until now there was no real understanding that the bug existed and thus no reason to change that part of the OSes.
Not discovered in January (Score:5, Informative)
Tavis disclosed the ntvdm vulnerability in January; however, it was reported to Microsoft on June 12, 2009.
http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html [grok.org.uk]
Re:oldest bug evar... and other leet speechisms (Score:4, Informative)
> Is this a record (for a bug that's "known about" anyways)?
A while ago an OpenBSD developer found a 33-year-old bug [slashdot.org].
It depends on your definition of "known about" I guess.
Re:Nothing quite like a "timely" response (Score:5, Informative)
> Windows 3.1 - 7 are often based on the same code set.
You, sir, do not have the vaguest idea of what you are talking about.
> to get into windows 3.1 you need to type in "win" at the DOS window.
I thought for a moment you meant Windows *NT* 3.1 - 7, but ... it's clear that you didn't mean that.
FWIW, this bug affects all NT OSes right back to NT 3.1 (the first released version) and is an obscure kernel bug (it was only found in January 2010!). The BBC article was light on details except to say it "involves a utility that allows newer versions of Windows to run very old programs", but there's more detail from the always-excellent full-disclosure mailing list [neohapsis.com].
Re:Nothing quite like a "timely" response (Score:1, Informative)
It's since Windows NT 3.1, not Windows 3.1. The first is 32-bit and the latter is 16-bit. And no, the code set is not the same in Windows 3.1 and Windows NT, any version...
Anyways, check the article and Wikipedia the rest if you really want to know.
Re:Nothing quite like a "timely" response (Score:3, Informative)
Er, from a better read of full-disclosure, I see it was reported in June 2009, not Jan 2010 as I stated earlier. Still, that's a long time for a bug to have gone unnoticed.
Re:Nothing quite like a "timely" response (Score:2, Informative)
I always hated how the Windows 2000 startup screen [winsupersite.com] said "Built on NT Technology", because "NT" itself stood for "New Technology". I guess it's just another case of RAS syndrome.
Re:When is /. going to actually do more than just (Score:2, Informative)
Every fucking headline or story about MS is painted in a bad way, and I'd say about half the stories deserve a retraction as can be seen in the threads. Other stories like this aren't even fucking news. And the headline is sensational. It's not news for nerds. It's news for nerds with a major bias.
Re:sigh... (Score:4, Informative)
> Yet another reason I avoid Windows and run for the hills with my Linux box, if Windows was patched in a timely manner instead of being vulnerable for weeks, months, 17 years or when the media s**ts their pants, then I just might look at using it.
A.) You don't understand what really happened here. You should read the +5's in this thread before reading the next part of my post.
B.) There is absolutely nothing preventing Linux or anything else from having a problem like this. In fact, this is quite the cautionary tale for anybody running a computer. Your computer has a number of exploitable bugs in it right this second. Your machine is not safe. You need to install updates. You need network protection, firewall, etc. You need to make backups. You need to not run every executable you find from untrusted sources. You need to use good practices when dealing with sensitive data. Running Linux, BSD, OSX, whatever, doesn't alleviate any of these concerns.
C.) Summaries often contain more information than the headline does. They also usually have links you can click on to get even more info.
Re:"Finally"? (Score:5, Informative)
It was reported to MS in the middle of last year, and the bug's discoverer made it public last month after Microsoft still hadn't fixed it.
Re:When is /. going to actually do more than just (Score:3, Informative)
Don't like it? Go back to digg. Slashdot has never tried to hide or deny its FOSS bias, nor is it ashamed of it.
Re:Nothing quite like a "timely" response (Score:4, Informative)
I never listened to their marketing. I was quoting Microsoft's own Windows history webpage [microsoft.com].
Re:You joke, but I think he'd like to (Score:1, Informative)
It takes 9GB with the OS's basic install and the 2GB pagefile to run it in 2GB RAM. Just tested as I have a freshly installed VM of Win7. That gets you a browser, a text editor and a media player.
Re:Better late than never... (Score:3, Informative)
Possibly; I was going off a meme at our lab that originates from one person saying something negative, and the other responding "you mispronounced 'awesome'."
Aikon-