… I spoke about in late January? Well Microsoft has finally come out and acknowledged it. Over a month later. Well actually 9 months later.
The hole, which originated with the release of Windows NT back in 1993 and is present in every 32-bit version of Windows since, including Windows 7, was discovered by Tavis Ormandy, a Google security team member in Switzerland. Ormandy said that he notified Microsoft of the hole in June 2009 but, after receiving no response other than an acknowledgment, decided to publish his discussion as well as a proof-of-concept exploit.
Compromising a machine requires physical access to the machine as well as authenticated password access, so it’s unlikely to be too serious an issue.
