|20th January 2010, 15:58||#1|
Flaw in all Windows versions allows highest privilege level for 16-bit applications
The problem is caused by flaws in the Virtual DOS Machine (VDM) that was fitted under the bonnet of Windows NT in 1993 to support 16-bit applications. The VDM is based on the Virtual 8086 Mode (VM86) in 80386 processors and, among other things, intercepts hardware routines such as BIOS calls.
Google security team member Tavis Ormandy worked out how an unprivileged 16-bit program can manipulate the kernel stack of each process, and this can enable an attacker to execute code at the system privilege level.
To make matters worse, he published a sample exploit that runs under Windows XP, Windows Server 2003 and 2008, Windows Vista and Windows 7. It opens a command prompt in the system context, which has the highest privilege level, under Windows XP and Windows 7.