Jul -- Computers and Technology: 17-year-old MS security vulnerability found

Gabu

Star Mario
Placeholder Ikachan until :effort: is found
Level: 172

Posts: 2191/9981
EXP: 67993735
For next: 108499

Since: 08-10-09

Pronouns: they/them, she/her
From: Santa Cruisin' USA

Since last post: 57 days
Last activity: 4 days

Posted on 01-20-10 09:58:20 PM

Link | Quote

Hey, at least 17 years of this being unknown isn't that bad at all by Microsoft's standards.

Still, a pretty unnerving hole.

____________________

devin

Yoshi
i'm mima irl
Level: 112

Posts: 686/3519
EXP: 14932815
For next: 405390

Since: 04-29-08

Pronouns: any
From: FL

Since last post: 307 days
Last activity: 3 days

Posted on 01-20-10 10:01:20 PM

Link | Quote

Hey, finally, an excuse for businesses to quit using crappy outdated Turbo Pascal programs in 2010.

____________________
new layout coming soon

Xkeeper

Level: 263

Posts: 14651/25353
EXP: 297157275
For next: 1803178

Since: 07-03-07

Pronouns: they/them/????????

Since last post: 3 days
Last activity: 14 hours

Posted on 01-20-10 10:05:12 PM

Link | Quote

Given that this seems to have just been a compatibility layer that's been carried over, it's pretty impressive it took this long for it to get found... and even then, something like that probably stopped being of major importance long ago, so it's not too surprising that it still exists.

Especially given the fix for it.

____________________

— FPzero —
9590

Post 7929/9597
Active 5.5 years ago

Posted on 01-20-10 10:07:29 PM

Link | Quote

One good thing about having 64-bit Windows 7?

____________________

Lyskar
12210

-The Chaos within trumps the Chaos without-
Level: 192

Posts: 4082/12211
EXP: 99326554
For next: 547017

Since: 07-03-07

From: 52-2-88-7

Since last post: 7.4 years
Last activity: 7.3 years

Posted on 01-21-10 12:36:42 AM

Link | Quote

Time/Date

01-20-10 06:36:42 PM

Posts

4082

Days Here

932

Level

93

	Metal_Man88
	Local Moderator

Windows XP x64 ftw!

____________________

Original Layout © Tobias Kelmandia

Ctenophorae

Level: 85

Posts: 712/1921
EXP: 5772828
For next: 125712

Since: 06-19-09

From: Oregon

Since last post: 8.1 years
Last activity: 27 days

Posted on 01-21-10 01:29:53 AM

Link | Quote

Originally posted by article
Internet Explorer

Phew, scared me for a second!

____________________

ゆっくりしていってね!!!

Peardian

Magikoopa

16/3/1: KvSG #479 is up!

Level: 157

Posts: 2881/7597
EXP: 48605586
For next: 973647

Since: 08-02-07

From: Isle Delfino

Since last post: 11 days
Last activity: 3 hours

Posted on 01-21-10 01:33:07 AM (last edited by Peardian at 01-20-10 10:33 PM)

Link | Quote

Originally posted by Demon King of Crabmeat
Phew, scared me for a second!

That's a different hole they found. This one concerns the Virtual DOS Machine.

It's also worth mentioning that this hole probably won't affect many home users.

____________________
-Peardian-

"Kindness is the language which the deaf can hear and the blind can see." -Mark Twain
C'mon! Step it up!

Ctenophorae

Level: 85

Posts: 713/1921
EXP: 5772828
For next: 125712

Since: 06-19-09

From: Oregon

Since last post: 8.1 years
Last activity: 27 days

Posted on 01-21-10 04:49:49 AM

Link | Quote

Open mouth, insert foot. I'm battling quite the trojan right now, it won't let me open ANY of my virus scanners or look for answers, it'll just open a page called "proto.com" or something like that.

The offender's name is winhlp64.exe and I can't seem to get rid of the bugger! Any suggestions?

____________________

ゆっくりしていってね!!!

Bagel

Giant Red Paratroopa
without music life would Bb
Level: 75

Posts: 458/1446
EXP: 3802439
For next: 24465

Since: 03-30-09

Pronouns: he/him
From: bear

Since last post: 191 days
Last activity: 7 days

Posted on 01-21-10 03:27:32 PM

Link | Quote

Any suggestions?

Backup. Format. Reinstall Windows. Get Firefox (or Opera or something) and NoScript (or turn page scripting off using something else.) Makes me sound a little like a condescending jerk to say this ... but there is no good reason to use IE at all except to download another browser. The most common source of infections is in ads on questionable sites; if you have scripting turned on they can do all sorts of nasty things if left unchecked. And also ... use common sense.

As to the vulnerability ... why has the 16-bit layer continued to be standard for all this time? Why not make it an optional install or something? You'd think that Microsoft would have learned to stop recycling old code by now. How many users still run 16-bit applications? :|

At least there's that registry fix, but an average user isn't going to want to fiddle with that. I don't see how MS could have debated for THIS long about how to fix the problem ... by now you'd think they'd have been able to release an update that removes the 16-bit layer and then makes it an optional install or something, or even look at the old code and patch the hole.

____________________

Ctenophorae

Level: 85

Posts: 715/1921
EXP: 5772828
For next: 125712

Since: 06-19-09

From: Oregon

Since last post: 8.1 years
Last activity: 27 days

Posted on 01-22-10 02:17:10 AM

Link | Quote

Gotcha, bitch! I finally nailed the fucker today, I pretty much had to rename Malwarebytes to suckitbitch.exe just to get it to work but after I did that it was history. Also, I ended up getting this little asswipe through Firefox, just minding my own business on Facebook. A popup came up and just decided to wreak havoc (it got past my popup blocker!) but the nightmare is finally over.

I also tried to do a system restore but the little bugger interfered with that as well! I'm just glad that I don't have to worry about it anymore.

____________________

ゆっくりしていってね!!!

Posted on 01-22-10 03:52:54 AM

Link | Quote

Lain's post №499

Good thing for x64 OSes.

But still, 17 years... that's almost as old as 3.1, and about as old as Windows 95 isn't it?

____________________

Ctenophorae

Level: 85

Posts: 718/1921
EXP: 5772828
For next: 125712

Since: 06-19-09

From: Oregon

Since last post: 8.1 years
Last activity: 27 days

Posted on 01-22-10 04:18:37 AM

Link | Quote

Originally posted by Lain
Good thing for x64 OSes.
But still, 17 years... that's almost as old as 3.1, and about as old as Windows 95 isn't it?

I know, I feel old too!

____________________

ゆっくりしていってね!!!

Lyskar
12210

-The Chaos within trumps the Chaos without-
Level: 192

Posts: 4096/12211
EXP: 99326554
For next: 547017

Since: 07-03-07

From: 52-2-88-7

Since last post: 7.4 years
Last activity: 7.3 years

Posted on 01-22-10 07:10:25 AM

Link | Quote

Time/Date

01-22-10 01:10:25 AM

Posts

4096

Days Here

933

Level

93

	Metal_Man88
	Local Moderator

I was playin' Sonic 2 back 17 years ago. Well, 16 years ago.

____________________

Typhoid
Member
Level: 28

Posts: 15/156
EXP: 130314
For next: 1024

Since: 02-02-10

From: Killadelphia

Since last post: 7.8 years
Last activity: 7.7 years

Posted on 02-09-10 04:50:27 PM

Link | Quote

17 years ago I was learning how to walk and all that lol.

Ninji

Birdo
Why did my user title say I'm a toaster anyway
Level: 88

Posts: 1487/2014
EXP: 6638938
For next: 11726

Since: 07-26-07

Pronouns: he/him or they/them
From: Glasgow, Scotland

Since last post: 114 days
Last activity: 6 days

Posted on 02-09-10 05:54:40 PM

Link | Quote

17 years ago I didn't exist

____________________

[20:07:36] @Treeki: ikachan say something funny I can put in my signature
[20:07:41] @Ikachan: And it was funny in the can with a syringe. Hacking Tools: NSMB Editor 5 · Nitro / NARC Explorer
Current Project: Reggie! - NSMBWii Level Editor

Gywah

Level: 28

Posts: 14/150
EXP: 122988
For next: 8350

Since: 01-24-10

From: Your mother.

Since last post: 11.5 years
Last activity: 11.5 years

Posted on 02-09-10 07:33:45 PM

Link | Quote

This dates back to NT 3.1 if I remember right..

Security through obscurity.. not always the best method.

____________________

Shadic
Alakadoof?
Level: 151

Posts: 3735/6929
EXP: 42380008
For next: 916468

Since: 07-22-07

Pronouns: he/him
From: Olympia, WA

Since last post: 6 days
Last activity: 1 day

Posted on 02-10-10 05:40:27 AM

Link | Quote

Originally posted by Treeki
17 years ago I didn't exist

You're 15? Jesus.

And has this vulnerability been being USED for 17 years? If not, I don't see the issue.

____________________

Sukasa

Level: 123

Posts: 2076/4326
EXP: 20936851
For next: 294415

Since: 07-07-07

Since last post: 1.1 years
Last activity: 1.1 years

Posted on 02-10-10 02:00:31 PM

Link | Quote


	Nobody knew about it. The problem is, if any ne'er-do-wells found this, they would have basically had free run over computers for a long while, because the vulnerability was so obscure and dangerous. ____________________ <@Bitmap> Be completely humble and gentle; <@Bitmap> And tell them to shut the fuck up

Rena
I had one (1) message in Discord deleted and proceeded to make a huge, huge mess about how it was a violation of free speech and how moderators are supposed to be spam janitors and nobody should have the right to tell me not to talk about school shootings
Level: 135

Posts: 2822/5390
EXP: 29077149
For next: 257856

Since: 07-22-07

Pronouns: he/him/whatever
From: RSP Segment 6

Since last post: 342 days
Last activity: 342 days

Posted on 02-18-10 05:40:46 AM

Link | Quote

02-18-10 12:40:46 AM
Post #2822

Microsoft has now confirmed the privilege escalation hole in Windows. The company says that it wants to complete its investigation of the vulnerability and will then decide whether, how and when to close it.

It's always a laugh to read about these holes that have existed since very old versions (WMF hole came all the way from Windows 3.1), considering they claimed to be doing a total rewrite and/or audit of everything with XP... and again with Vista...

____________________

why not?

Register - Login
Views: 99830731	Main - Memberlist - Active users - Calendar - Wiki - IRC Chat - Online users Ranks - Rules/FAQ - Stats - Latest Posts - Color Chart - Smilies	05-03-22 09:16:12 PM

Query execution time:	0.078099 seconds
Script execution time:	0.049651 seconds
Total render time:	0.127750 seconds