Windows is notorious for its poor implementation of security. To prove just that, we have a 17 year old flaw from the Windows NT Kernel which has made its way, even to Windows 7.
[ Image via carbonnyc from Flickr ]
This security flaw was reported at this page at NEOHAPSIS. The author of this post Tavis Ormandy also happens to be a Google Security Engineer and the discoverer of this flaw. The flaw is in a module which BIOS service routines in 16 bit applications. This feature was present way back in 1993 and is still present. The computer once hacked by this process is under complete control of the hacker.
In his blog, Ormandy writes,
All 32bit x86 versions of Windows NT released since 27-Jul-1993 are believed to
be affected, including but not limited to the following actively supported
- Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
Surprisingly though, there is absolutely no patch available for this flaw. The only possible way to block an attack of this type is to switch off the MSDOS and WOWEXEC subsystems. A possibly better solution to this attack is given as,
Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack
from functioning, as without a process with VdmAllowed, it is not possible to
access NtVdmControl() (without SeTcbPrivilege, of course).
The policy template “Windows Components\Application Compatibility\Prevent
access to 16-bit applications” may be used within the group policy editor to
prevent unprivileged users from executing 16-bit applications. I’m informed
this is an officially supported machine configuration.
The page link above also gives a number of Youtube videos. Ormandy also says, he reported this bug on 12th June 2009 and Microsoft confirmed the receipt of the bug on 22nd June 2009. Over six months have passed and no action has been taken on this. Moreover, no matter how many patches Microsoft releases, security will still be a far sight for Windows as compared to security on Linux.