January 20, 2010, 2:41 PM — One of the reasons I've never liked Windows is that it was never made to deal with the security problems of working in a networked, multi-user world. As a direct result, Windows has been fundamentally insecure for more than a decade. Even so, I was surprised to find that there's a 17-year old security hole that's been in Windows since NT and it's still present today in Windows 7.
Wow. Even I'm shocked by this latest example of just how rotten Windows security is. It just reminds me again though that while Microsoft keeps adding features and attempting to patch its way out of security problems to Windows, Windows' foundation is built on sand and not on the stone of good, solid design.
Tavis Ormandy, a Google security engineer, uncovered this new 'old' hole while digging around Windows. Ormandy found that way back in 1993 in Windows NT that Windows included a 'feature' to support BIOS service routines in legacy Windows 16bit applications.
Think about that for a moment this 'feature' was put in to support software that was already out of date in 1993. Guess what? It's been in every version of Windows since then up to, and including, Windows 7. Honestly, is there anyone on Earth who's running Windows 3.1 applications on Windows 7? Or, Vista? Or, XP... you get the idea.
Be that as it may, the code's still in there. An attacker can trigger the vulnerability through a variety of means. The end-result is, surprise, another Windows machine that's totally owned by the attacker. Once in charge, they can vacuum down your files, install malware, and all the other usual tricks.
A security company called Immunity has already released an add-on to its program Canvass that can be used to show if your computer is vulnerable to attacks using this method. You don't need to worry with that though. If you're running 32-bit Windows, congratulations, you can be successfully attacked.
The important point about Immunity's work is that if they can build a test that demonstrates the problem, a criminal hacker can build a program that will exploit it. It's only a matter of time.
There's no patch for this. You can, however, block it by switching off your computer's MSDOS and WOWEXEC subsystems. Unless you're running pre-historic 16-bit MS-DOS or Windows programs you won't see any problems.