CNet News

Microsoft is warning customers of a hole in the kernel of 32-bit versions of Windows that could allow someone to install programs, change data, or create new accounts with full user rights.

The vulnerability, caused by the Windows kernel not properly handling certain exceptions, affects 32-bit versions of Windows 7, Vista, XP, 2000, and Server 2003 and 2008, according to the security advisory released on Wednesday night. It does not affect 64-bit versions of Windows.

“We are not currently aware of any active attacks against this vulnerability, and Microsoft believes the risk to customers, at this time, is limited,” Jerry Bryant, senior security program manager at Microsoft, said in a statement.

I’m glad I’ve got 64-bit Vista. Wait…




  1. freddybobs68k says:

    What to do? Quick upgrade! It only costs 120 USD. And what do you get for that?

    Errr.

    It’s hard to tell. Big icons? Hardware that no longer works because no drivers (for me it was for my HP scanner). Or pay $200 and have the right processor and have ‘windows compatibility mode’.

    Microsoft has become a sad non achieving follower, with overpriced under performing products. And Windows 7 is probably the best value product they do. Sad.

  2. Josh Miller says:

    Wow. This sounds like a scheme to sell computer hardware and OSes.

    “People aren’t adopting 64 bit hardware fast enough, hell half of them still use their 5 year old XP machines, I know, we’ll tell them there’s a fundamental flaw and HACKERS”

  3. Somebody_Else says:

    Why don’t the monthly discoveries of serious security flaws in Linux make the blog?

    This is bad journalism.

  4. nolimit662 says:

    Why don’t they say they plan to FIX IT!!!! lmfao

  5. Postman says:

    #1,

    What is a scanner? Since about the time cameras crossed 5 megapixels (makes for a ~150 dpi full page scan), I just photograph the page I want to scan and I’m done. That was like half a decade ago.

    I pretty consistently get better results than I ever remember with a scanner. Generally it is faster just to put them on a table and snap the pictures one by one as well.

    Also, where are you getting pictures not in digital form nowadays? I can’t think of anyone I know in DTP publishing business who still has a scanner…

  6. Breetai says:

    Microsoft has a belligerent history of silencing security holes. What would motivate them to expose a flaw like this…. Hmmmm…. I wouldn’t be surprised if they don’t patch this hole for a few extra sales.

  7. Postman says:

    #3,

    You know there have been like 3 total rootkit exploits of PHP over the last year. That is you have a website with PHP on it (are there any that don’t???) and your computer gets totally rooted. How come the tech media doesn’t talk about this?

    While here if you have local access to the computer… Ohe noes!!! The world is ending!!! OMG OMG 2012 2012!!!!

    Lol, the slashtard community is a hoot sometimes.

  8. Postman says:

    #6,

    Except that you have the history entirely wrong. When the SSL rootkit was discovered last year it got precisely zero media coverage.

    A couple of years ago when the bind exploit was discovered it was quietly handled and AFAIK it never made it to front page of slashtard.

    This is classic pure unadulterated FUD from the opensores community.

  9. freddybobs68k says:

    #5 Postman

    ‘What is a scanner?’

    It’s this thing for scanning paper, into images that can be used on a computer. I can feed a wedge of papers into said scanner, and press a button, and they appear after some whirring on my computer.

    I could use a camera – but that would be kind of tedious. And I’d have to buy a camera.

    It’s not uncommon to have to scan bits of paper – especially to archive stuff, and sometimes other people want my spider like scrawl on some paper, that they send to me digitally. Keeps them happy.

    I wish it wasn’t so.

  10. bac says:

    The openness of security flaws in operating systems is interesting because it does seem that double standards are at play.

    If a vulnerability is found in Linux (Unix) OSes, in most cases the flaw is fixed in a couple of days. Very seldom do these vulnerabilities get media attention.

    But MS Windows is another story. It seems like every vulnerability is publicized. Why is this? Could it be that people are unsure if and when Microsoft will patch the vulnerability, so the vulnerability is made public to force Microsoft to respond?

    It is possible if Linux seemed to slowly fix or not fix vulnerabilities then these vulnerabilities would be made more public.

    Does Apple fix vulnerabilities? Why aren’t they made public?

  11. MikeN says:

    I think Microsoft hatred among techies has died down a bit. In a few years people will stop thinking about MS entirely.

  12. ECA says:

    Umm,
    an error that affects ALL THE WAY BACK, to XP core??

    Umm, that makes windows liable for 8-10 years worth of WINDOWS.
    Under car liability laws, I still get recalls notices for my car, 1986 Olds..

    This also acknowledges that the CORE to windows hasn’t changed much over 8-10 years. SO WHY IN HELL don’t the drivers work?
    The main diff in ALL these versions is in DirectX??

    And I QUOTE:(myself)
    What happened to the OLD programming RULES about Programming languages and OS..
    NEVER AUGMENT THE ORIGINAL. LOCK it up so SPIT’ can’t happen.
    ADD a DIR outside of the OS, and direct access to it. NEVER ADD to the PROTECTED DIR.
    IF MS, corrects something and SCREWS up the machine(in a protected environment) YOU KNOW they did it. IF you allow ANYONE access, you can’t point at LIABILITY..

  13. We're sick of it says:

    Nothing to see here, move along folks.

    just one of the (many) back doors built into the world’s most ubiquitous operating system.

    In another 20 years, they may all eventually be found and closed. Meanwhile, enjoy your lack of security

  14. ECA says:

    http://www.computerworld.com/s/article/9146820/Microsoft_confirms_17_year_old_Windows_bug

    HOLD IT..
    I think I found something BETTER..or is this the SAME??
    its NOT just XP forward…its 17 years old, and STILL THERE.

  15. ECA says:

    “Yesterday’s advisory spelled out the affected software — all 32-bit editions of Windows, including Windows 7 — and told users how to disable VDM as a workaround. Windows’ 64-bit versions are not vulnerable to attack.

    It was Microsoft’s second advisory in seven days; last week, the company posted a warning of a critical flaw in Internet Explorer after Google said its corporate computers had been hacked by Chinese attackers. That bug is to be patched later today.

    “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode,” said the newest advisory. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

  16. clancys_daddy says:

    Umm is this new, news? I seem to recall this problem popping up before.

  17. deowll says:

    Um, they don’t patch 2000.

  18. Buzz says:

    A flaw?!? In Microsoft?!?

    B’b’b’but I ALWAYS TRUST MICROSOFT!

  19. Josh says:

    What a swell way to sell 64 bit versions of Windows 7, and they don’t even mention that they are planning to FIX IT??

    All the more reason for me to switch to Linux Mint, the coolest OS out on the internet for free 😉

    www(dot)linuxmint(dot)com

  20. Josh says:

    What a swell way to sell 64 bit versions of Windows 7, and they don’t even mention that they are planning to FIX IT??

    All the more reason for me to switch to Linux Mint, the coolest OS out on the internet for free 😉

    www linuxmint com

