Researcher Finds 17 Year-Old Windows Vulnerability…in MS-DOS


Security researchers—and, of course, cybercriminals, attachers, and maybe even governments—are always looking for new ways to break into Microsoft Windows, since it’s long-established itself and the lowest common denominator of operating systems. Sometimes, these research efforts uncover bugs that have been round for a long time, but Google security engineer Tavis Ormandy may have taken the cake: he found a security hole in Windows that’s so old it could be graduating from high school this year.

The bug impacts all versions of Windows from the brand-new Windows 7 all the way back to Windows NT 3.1, which originally shipped in 1993. The issue is in the Virtual DOS Machine used to support 16-bit applications originally implemented to support MS-DOS applications and 16-bit applications from Windows 3.1 days; according to Ormandy’s findings, the Virtual DOS machine can be exploited to enabled unprivileged 16-bit programs to manipulate kernel stacks so attackers could get their own code executed at system privilege levels. In theory, this could let attackers take over the computer and do anything they like. And, yes, the problem has been there for 17 years.

In a security advisory, Microsoft says it is not aware of any attacks that exploit the vulnerability, and Windows users are believed to be at low risk. However, users who are concerned can disable their system’s MSDOS and WOWEXEC subsystems (which correspond to CMDLINE and WOWCMDLINE services) to block the problem—at least, provided they don’t need to use any 16-bit applications.

Microsoft hasn’t made any statement on when it plans to release a patch; however, Microsoft is already planning on a record patch Tuesday for February 2010, with 13 security issues set to be shored up.

Smart Home

These best outdoor security cameras will keep porch pirates at bay

Worried about porch pirates stealing your packages, or intruders entering your home? Always be in the know about who or what is on your property by installing one of these outdoor security cameras.
Smart Home

The best smart locks to increase your home security in 2019

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Smart Home

Looking to safeguard your home? These are the best DIY home security systems

Looking for the best DIY Home security systems? These security kits will help you feel safer in no time. Check out our top pick and full list to see which kit will work best for your home.
Smart Home

Protect yourself: Here are some of the best home security systems

Looking for the best home security systems for your house? These systems offer the best mix of devices, smart features, monitoring services, and fees that you can afford (plus good customer service reports).

Here are the best Chromebook deals available in March 2019

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- that won't…

From Chromebooks to MacBooks, here are the best laptop deals for March 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.

Get the most out of your high-resolution display by tweaking its DPI scaling

Windows 10 has gotten much better than earlier versions at supporting today's high-resolution displays. If you want to get the best out of your monitor, then check out our guide on how to adjust high-DPI scaling in Windows 10.

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti. 

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.

Get the new Dell XPS 13 for $750 with this limited-time deal

Dell is currently running a limited time deal lasting through Thursday, March 28, where you can bring home a version of this year's new XPS 13 for around $750 with the use of a special coupon code.