17-year-old Microsoft flaw affects Windows 7 – ZDNet.co.uk

A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.

Tavis Ormandy published details of the flaw on the Neohapsis mailing list on Tuesday.

The problem lies in the Virtual DOS Machine, Heise security explained on Wednesday.

“Microsoft isn’t having an easy time of it these days,” said the Heise article. “In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7.”

via 17-year-old Microsoft flaw affects Windows 7 – ZDNet.co.uk.