
Microsoft Corporate Forum

    
Microsoft Security Update To Patch DOS Bug, and 25 Other Holes
engine




 
Msg#: 4074940 posted 2:58 pm on Feb 5, 2010 (gmt 0)

Microsoft Security Update To Patch DOS Bug, and 25 Other Holes [news.bbc.co.uk]
A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

The February update for Windows will close the loophole that involves the venerable DOS operating system.

First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as "critical".

 

rollinj




 
Msg#: 4074940 posted 6:30 pm on Feb 5, 2010 (gmt 0)

I don't get it... does MS really not care about security? Is it in their best interest to keep their OS unsafe?

This vulnerability was no doubt floating around "for sale" in one of those other reputable online forums... MS has billions of dollars, go buy them up!

Maybe they're already doing this and I have no idea what I'm talking about?

scotland




 
Msg#: 4074940 posted 6:32 pm on Feb 5, 2010 (gmt 0)

It is crazy that many web and computer users in the world will not even know what DOS is, and there is a security flaw that can affect most of their computers.

I used to love (well maybe too strong a word) using DOS, then came the graphical user interface to file management and that just seemed so easy to use.

physics




 
Msg#: 4074940 posted 6:58 pm on Feb 5, 2010 (gmt 0)

Wow, a bug that's older than many users of Windows.

Windows is not insecure just because it's the most popular OS. All OS's are not created equal. Just like all cars are not created equal and you wouldn't expect a Pinto to be as safe as a Volvo.
It's insecure because it was fundamentally never designed to be a 'network' OS - it was designed as a desktop OS. Compare this to Linux and, yes, Mac OS X, which were always designed with security and networking in mind. And clearly there's been no push to re-work the kernel of Windows to be more secure. And this is not impossible - Apple did it when they completely reworked their OS to be based on FreeBSD (an open source UNIX variant [apple.com...] [apple.com...] ).
This DOS bug is a perfect example of how a closed-source desktop-centric OS like Windows/DOS is bound to be less secure than an open-source network-focused OS like Linux or Mac OS X. Do you really think a security hole would stick around this long in an open source OS?

trillianjedi




 
Msg#: 4074940 posted 8:02 pm on Feb 5, 2010 (gmt 0)

Apple did it when they completely reworked their OS to be based on FreeBSD


They didn't re-work anything, they just bought NeXT ;)

It turned out to be a shrewd move as the original Apple OS was also developed originally as a desktop OS.

MS doesn't have the experience in networking that it really needs, at its core.

I think it would be a highly shrewd move for MS to purchase a UNIX-like variant from which to base future releases.

Lots of upfront pain, but in the long term I really believe they'll need it.

Ocean10000




 
Msg#: 4074940 posted 9:20 pm on Feb 5, 2010 (gmt 0)

<rant>
If any of you noticed, this isn't talking about DOS based OS's. It's actually talking about Windows NT based OS's, which was a ground up rebuild with more security in mind.
</rant>

The problems being patched (at least my understanding) are in how Microsoft maintain compatibility with some older applications, thus making themselves vulnerable to attack. These older applications had bugs in them, but instead of Microsoft making them release fixes, they built a compatibility layer to work around these bugs.

Seb7




 
Msg#: 4074940 posted 11:56 pm on Feb 5, 2010 (gmt 0)

ground up rebuild

They said this, and we believed it. But somehow some of the old bugs from the previous versions still appeared. (I noticed a few bugs from old, myself.)

KenB




 
Msg#: 4074940 posted 1:21 am on Feb 6, 2010 (gmt 0)

If any of you noticed, this isn't talking about DOS based OS's. It's actually talking about Windows NT based OS's,

Good point that bears repeating.

On Win9x OS, Windows ran on top of DOS. On WinNT-based OSes, everything from WinNT4 & Win2K on, DOS runs as an emulator within Windows. I don't remember which way WinNT3.51 ran, but based on this bug I'd guess DOS was emulated.

JS_Harris




 
Msg#: 4074940 posted 7:25 am on Feb 6, 2010 (gmt 0)

I had an Adobe patch try to install today, I knew a Windows patch was coming. I wonder what new monitoring techniques are incorporated into this round of patches.

kaled




 
Msg#: 4074940 posted 1:36 pm on Feb 6, 2010 (gmt 0)

Are there any details anywhere about what this bug permitted?
Presumably, it somehow allowed limited-access users to make unauthorised changes - this suggests that DOS shells run at a higher privilege than the user or some serious code hacks are required to make it work. And if those code hacks worked for DOS emulation, might they still work elsewhere?

On Win9x OS, Windows ran on top of DOS.
I'm afraid this is one of those myths that every computer-magazine guru on the planet repeated. 16bit DOS merely bootstrapped 32bit Windows. DOS programs ran in emulation on Win 9x (unless running in DOS mode). Although Win9x supported use of some 16bit drivers (mainly to allow old hardware such as printers to be used) other drivers were 32bit meaning that IO calls, etc were not passed to an underlying 16bit DOS layer.

Kaled.

KenB




 
Msg#: 4074940 posted 2:32 pm on Feb 6, 2010 (gmt 0)

I'm afraid this is one of those myths that every computer-magazine guru on the planet repeated. 16bit DOS merely bootstrapped 32bit Windows. DOS programs ran in emulation on Win 9x (unless running in DOS mode). Although Win9x supported use of some 16bit drivers (mainly to allow old hardware such as printers to be used) other drivers were 32bit meaning that IO calls, etc were not passed to an underlying 16bit DOS layer.

Very interesting. This just proves that a lie repeated often enough becomes a commonly known "fact".

So the big difference between the WinNT branch and the Win9x branch is that on Win9x DOS still existed but that once it initiated Windows its job was done. On WinNT Windows booted itself. Am I understanding this correctly?

kaled




 
Msg#: 4074940 posted 4:55 pm on Feb 6, 2010 (gmt 0)

That's about the gist of it, but a full implementation of DOS 7 (I think) was included with Windows 95 to allow DOS Mode to work.

Another myth that every computer-magazine guru on the planet repeated was that CD drives had to be installed on a different IDE channel, otherwise performance would be seriously compromised - I believe this started because very early IDE drives could be synchronised and would run at the speed of the slower drive!

Kaled.
