Microsoft Finally Gets Around to Fixing 17-Year Old Windows Bug

We may earn a commission from links on this page.

Talk about procrastination (or rather, ignorance of a fundamental flaw in your OS for nearly two decades): a Google engineer recently discovered a vulnerability in Microsoft's 32-bit Windows kernel that had been around since 1993.

It's kind of funny that this thing has been around long enough to get a driver's license, but less so considering that it's exposed every Windows OS since then to hacker takeovers. The afflicted subsystem was the Windows Virtual DOS Machine, and the potential for damage was pretty serious, according to yesterday's Microsoft advisory:

What might an attacker use this vulnerability to do?
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Bad news! Don't worry, they'll patch it. But do worry, for all the other teenage bugs out there that no one's caught yet. [ComputerWorld]