I sometimes feel as if I’m picking on Microsoft for its crappy security ( there’s always some new hole to talk about ) but then I sit back and realise that their products really do have poor security and I don’t need to feel ashamed for reporting on it. For example, a Google engineer recently found a hole in Windows that has been carried forward since Windows NT.
Tavis Ormandy found that way back in 1993 in Windows NT that Windows included a ‘feature’ to support BIOS service routines in legacy Windows 16bit applications. Think about that for a moment: this ‘feature’ was put in to support software that was already out of date in 1993. Guess what? It’s been in every version of Windows since then up to, and including, Windows 7. Honestly, is there anyone on Earth who’s running Windows 3.1 applications on Windows 7? Or, Vista? Or, XP… you get the idea. Be that as it may, the code’s still in there. An attacker can trigger the vulnerability through a variety of means. The end-result is, surprise, another Windows machine that’s totally owned by the attacker. Once in charge, they can vacuum down your files, install malware, and all the other usual tricks.
And it’s probably not a known issue by Microsoft because their platform is so patched and hacked at this point that they would agree that even they are not sure of what’s actually in there!
A simple remedy ( sorry it’s a registry hack ) is to switch off the MSDOS ( CMDLINE ) and WOWEXEC ( WOWCMDLINE ) services and you should be fine.
