Feb 10, 2012 - 05:30 PM EST — AAPL: 493.42 (+0.25, +0.05%) | NASDAQ: 2903.88 (-23.35, -0.8%)

Microsoft finally gets around to patching 17-year-old Windows bug

Friday, February 5, 2010 · 10:38 am · 27 Comments

“A 17-year-old bug in Windows will be patched by Microsoft in its latest security update,” BBC News reports. “The February update for Windows will close the loophole that involves the venerable DOS operating system.”

MacDailyNews Take: Venerable? Not in these parts.

The Beeb continues, “First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since. The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as ‘critical.’”

“The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run programs that date from the DOS era,” The Beeb reports. “Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.”

The Beeb reports, “The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.”

Full article here.

MacDailyNews Take: Our headline says it all.

Categories: All Sites, News

Thank You for supporting MacDailyNews!

Apple Store Online:
• Order iPhone 4s. From $199. Fast, free shipping only at the Apple Online Store.
• New Apple MacBook Pro. Now faster than ever. Starting at $1199, plus free shipping.
• MacBook Air. Available in two utlracompact sizes. Starting at just $999. Fast, free shipping from the Apple Online Store.
• The new iMac. With next-generation quad core processor and advanced graphics. From $1199. Fast, free shipping at the Apple Online Store.
• The new Mac mini. Now up to 2x faster. From $599. Fast, free shipping. Buy now at the Apple Online Store.

Comment Feed

27 Comments

1 2 Next »

little man

Friday, February 5, 2010 - 11:48 am · Reply

Finally… Windows is now as secure as OS X!
emmayche

Friday, February 5, 2010 - 11:53 am · Reply

@little man

Ummmm…… no. Not even close.
iSteve

Friday, February 5, 2010 - 11:58 am · Reply

Their flaws are older than OSX!
Metryq

Friday, February 5, 2010 - 12:03 pm · Reply

Oh, well, legacy compatibility can’t last forever. Time to download the new malware SDK…
Moo

Friday, February 5, 2010 - 12:28 pm · Reply

iSteve;

That flaw is older than many of Microsoft’s staunchest defenders.
Consider it a birth defect.
Adam

Friday, February 5, 2010 - 12:39 pm · Reply

Does anyone at the Beeb know how to copy edit? DOS stands for Disk Operating System. Without the acronym, the sentence would read, “The February update for Windows will close the loophole that involves the venerable Disk Operating System operating system.”
Hm...

Friday, February 5, 2010 - 12:44 pm · Reply

@ Adam

Popular usage often trumps repetitive redundancies that recur by being repeatedly reiterated.
Tommy Boy

Friday, February 5, 2010 - 12:49 pm · Reply

I saw 17 year old bug and thought they were talking about Windows itself.
WTFrank

Friday, February 5, 2010 - 12:50 pm · Reply

Hm…
Classic!
Spudly

Friday, February 5, 2010 - 12:50 pm · Reply

MDN – Again “Windows Vulnerability” is NOT news!
TheMightyFinder

Friday, February 5, 2010 - 12:54 pm · Reply

Woah, already?! That was quick.
Spudly

Friday, February 5, 2010 - 12:55 pm · Reply

News would be “Microsoft Operating System Thwarts Hackers for One Entire Hour”
m159

Friday, February 5, 2010 - 1:10 pm · Reply

@Adam. I believe DOS originally came from QADOS (Quick And Dirty Operating System) the internal nickname for the project of stealing Gary Kildall’s CP/M system. Kildall had never reached terms with Bill Gates and IBM, so they found someone to copy it. As I understand it, they dropped the QA and renamed the D.
Ray

Friday, February 5, 2010 - 1:18 pm · Reply

The point that everyone missed is that M$ had to keep the hole open. M$’s bag for many years was that you just upgraded the OS and not any of your other software. That way you can enjoy the latest version of solitaire even if you still use WordPerfect 5.0 or Word Star for your documents…..This is one of the dumbest moves M$ made in their evolution.

just my $0.02
LordRobin

Friday, February 5, 2010 - 1:40 pm · Reply

@m159: Close. QDOS (no “A”) was a competing product to CP/M that Microsoft purchased to work into MS-DOS. QDOS was indeed a rip-off of CP/M, out-and-out copying large chunks of CP/M’s source code. However, Microsoft’s position was that the plagiarism happened before they bought the product and that they were unaware of it when they made the purchase. The courts found that it couldn’t be proved otherwise and so Microsoft wasn’t liable.

(Mind you, if Microsoft did secretly have something to do with the plagiarism, it wouldn’t shock me. Microsoft’s business model of copying what exists already goes right back to the beginning, when Bill Gates used to rummage through trash cans for code printouts at his school.)

——RM
Famous Grouse

Friday, February 5, 2010 - 2:08 pm · Reply

Any relation to 17 year cicadas?

http://en.wikipedia.org/wiki/Brood_X

They die off after a few weeks only to re-emerge 17 years later…
MacTony

Friday, February 5, 2010 - 2:15 pm · Reply

I am so glad I don’t run a Windows machine anymore.
Vandalfoe

Friday, February 5, 2010 - 2:28 pm · Reply

To be fair, it was only discovered in January 2010. That’s not terribly unresponsive.
m159

Friday, February 5, 2010 - 2:37 pm · Reply

@Robin
Thanks for the clarification. I’ve heard various stories about Kildall’s no deal with microsoft/IBM. One that he was a bit of a flake, or that he was holding out for better terms, or that he simply despised Gates. Certainly Kildall was not as conniving. I’m convinced Gates has no technological vision at all, but rather is a driven game-player working with predatory contracts and deals, like his daddy.
Cubert

Friday, February 5, 2010 - 3:10 pm · Reply

LordRobin and m159,
A few years back I read an article online about a former M$ employee who worked on Winblows Media Player. He said that they had 3 white boards in a conference room with blown up screenshots of iTunes and Real Player on two of them and chose pieces of each interface to put on the third board which was for WMP.

Sorry, can’t find link in my cursory Google search here at work.
DRMSSDB

Friday, February 5, 2010 - 3:28 pm · Reply

“security researcher”

That sounds like a fun job. I want to be a bank security researcher.

“To be fair, it was only discovered in January 2010. That’s not terribly unresponsive.”

Only discovered by “the good guys.” How long have the blackhats known about this? Was it useful for exploitation.
Pea-dant

Friday, February 5, 2010 - 3:48 pm · Reply

@Adam

but DOS is also a trademark, so I think the BBC copy is correct. I don’t recall any descriptions of the operating system on early PCs reading “Operating system: Disk” but I do recall things like “operating system: DOS”
Buster

Friday, February 5, 2010 - 4:39 pm · Reply

MDN…you had a typo. It should have read venereal not venerable
marko

Friday, February 5, 2010 - 5:18 pm · Reply

I am so relieved…
MS-DOS?

Saturday, February 6, 2010 - 1:35 am · Reply

I thought that Microsoft claimed that it got rid of MS-DOS with the introduction of W98?