In a posting to a public mailing list, Tavis Ormandy disclosed a zero day privilege escalation vulnerability in the Windows kernel. All versions of Windows, starting with Windows NT 3.1 up to including Windows 7, are affected. The vulnerability affects support for 16 bit applications. In most cases, it is safe to turn off support for 16 bit applications. Here are the mitigation instructions (copied from the advisory):
This is not a good month for Microsoft. Tavis disclosed the vulnerability to Microsoft about 6 months ago. Microsoft's monthly bulletin's credited Tavis numerous times in the past for disclosing vulnerabilities. ------ |
Johannes 4042 Posts ISC Handler Jan 19th 2010 |
Thread locked Subscribe |
Jan 19th 2010 1 decade ago |
Typo: It's Windows NT 3.1, not Windows NS 3.1
The full post is here: http://seclists.org/fulldisclosure/2010/Jan/341 |
Anonymous |
Quote |
Jan 19th 2010 1 decade ago |
many factories machine still use an old application especially in asia. Open vulnerabilities for 30 years...
|
Anonymous |
Quote |
Jan 20th 2010 1 decade ago |
"(all versions)"? No, it's all 32bit/x86 versions of Windows. Windows x64 doesn't support 16 bit any longer.
|
Anonymous |
Quote |
Jan 20th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!