Windows hole discovered after 17 years - Update
Jan 20, 2010, 19:03 (6 Talkback[s])
"Microsoft isn't having an easy time of it these days. In
addition to the unpatched hole in Internet Explorer, a now
published hole in Windows allows users with restricted access to
escalate their privileges to system level – and this is
believed to be possible on all 32-bit versions of Windows from
Windows NT 3.1 up to, and including Windows 7. While the
vulnerability is likely to affect home users in only a minor way,
the administrators of corporate networks will probably have their
hands full this week.
"The problem is caused by flaws in the Virtual DOS Machine (VDM)
introduced in 1993 to support 16-bit applications (real mode
applications for 8086). VDM is based on the Virtual 8086 Mode
(VM86) in 80386 processors and, among other things, intercepts
hardware routines such as BIOS calls."