Researcher Finds 17 Year-Old Windows Vulnerability…in MS-DOS


Security researchers—and, of course, cybercriminals, attachers, and maybe even governments—are always looking for new ways to break into Microsoft Windows, since it’s long-established itself and the lowest common denominator of operating systems. Sometimes, these research efforts uncover bugs that have been round for a long time, but Google security engineer Tavis Ormandy may have taken the cake: he found a security hole in Windows that’s so old it could be graduating from high school this year.

The bug impacts all versions of Windows from the brand-new Windows 7 all the way back to Windows NT 3.1, which originally shipped in 1993. The issue is in the Virtual DOS Machine used to support 16-bit applications originally implemented to support MS-DOS applications and 16-bit applications from Windows 3.1 days; according to Ormandy’s findings, the Virtual DOS machine can be exploited to enabled unprivileged 16-bit programs to manipulate kernel stacks so attackers could get their own code executed at system privilege levels. In theory, this could let attackers take over the computer and do anything they like. And, yes, the problem has been there for 17 years.

In a security advisory, Microsoft says it is not aware of any attacks that exploit the vulnerability, and Windows users are believed to be at low risk. However, users who are concerned can disable their system’s MSDOS and WOWEXEC subsystems (which correspond to CMDLINE and WOWCMDLINE services) to block the problem—at least, provided they don’t need to use any 16-bit applications.

Microsoft hasn’t made any statement on when it plans to release a patch; however, Microsoft is already planning on a record patch Tuesday for February 2010, with 13 security issues set to be shored up.

Product Review

It's not the sharpest tool, but the Surface Go does it all for $400

Microsoft has launched the $400 Surface Go to take on both the iPad and Chromebooks, all without compromising its core focus on productivity. Does it work as both a tablet and a PC?

Windows Update not working after October 2018 patch? Here’s how to fix it

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Smart Home

People are stealing Ring doorbells (and it’s no knock-knock joke)

Ring Video Doorbell thefts in a Denver neighborhood raise questions about how much security the smart home devices actually provide. One homeowner and the police have a video of the theft. Here's what to do if your Ring device is stolen.

New rumors say the Pixelbook 2 could show up at CES 2019

What will the Pixelbook 2 be like? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.

Does Qualcomm's latest laptop processor hold up against Intel's Core i5?

Qualcomm has been nipping at Intel's mobile CPU heels for years and now it might finally have overtaken it. To find out whether it's new SoC can hold its own in mid-range computing, we pitted the Snapdragon 8cx vs. Core i5.

Not just for Lightroom anymore, Loupedeck+ now works with Photoshop

Loupedeck+ can now help photographers edit in Photoshop too, thanks to physical controls for swapping tools, running actions, and more. The photo-editing console expanded to include Photoshop in the list of compatible editing programs.

Turn your Raspberry Pi into a Steam streaming hub with Valve’s Steam Link app

Valve's Steam Link app is now fully supported by Raspberry PI hardware, meaning that just about anyone with a few dollars to spare can build their own Steam streaming box in a matter of minutes.

Amazon takes $300 off Intel Core i7 Surface Pro 6 in latest sale

If you're looking for savings on the Surface Pro 6, Amazon is the place to shop. It currently is discounting the Intel Core i7 variant of Microsoft's latest 2-in-1 by $300, though no Type Cover is included.

Here's our head-to-head comparison of Pandora and Spotify

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.

Don't keep typing the same thing -- learn to copy and paste with these shortcuts!

Looking for useful Windows keyboard shortcuts? The most common are the cut, copy, paste and undo shortcuts compatible with all kinds of tasks. They can save you an awful lot of time if you learn how to use them.

Latest Facebook bug exposed up to 6.8 million users’ private photos

An API bug recently left an impact on Facebook users. Though the issue has since been fixed, some of the apps on the platform had a wrongful access to consumers photos for 12 days between September 13 and September 25. 

You can now get a Surface Laptop 2 for $800 at the Microsoft Store

Along with deals on other variants, starting configurations of Microsoft's Surface Laptop 2 are now going for $800 online at its retail store, cutting $200 from its usual $1,000 starting price. 

Need a monitor for professional photo-editing? These are the very best

Looking for the best monitor for photo editing? You'll need to factor in brightness, color accuracy, color gamut support and more. Fortunately, we've rounded up the best ones for you, to help you make an educated purchase.