All Windows PCs Exploited by Hack

There is an encryption scheme that has remained unbroken since approximately 1942, around the time of World War 2. This is what security looks like: an encryption algorithm that lasts long, really long.

Unfortunately, Microsoft has a different story. After 17 years of Windows, someone found a hole that makes every Windows PC on this earth prone to hacking.

This hole allows users with restricted access to escalate their privileges to system level. This is possible on all 32-bit Windows platforms, from Windows 3.1 to Windows 7 (and the upcoming Windows 7 SP1 too).

The vulnerability will have a severe impact on business and office users; home users, on the other hand, might get malware, viruses and worms more easily and readily.

The root cause is the Virtual DOS Machine (VDM), introduced to support 16-bit applications using the Virtual 8086 mode (VM86) of 80386 processors, as well as other things such as BIOS calls.

A typical exploit allows an unprivileged 16-bit program to manipulate the kernel stack of each process via a number of tricks. This can enable attackers to execute code at system privilege level.

Google security analyst Ormandy has published an exploit that works under Windows XP, Windows Server 2003, Windows Vista and Windows 7.

It is said that Microsoft was already informed of the hole in mid-2009.

The FIX

For Windows 2003: start the Group Policy editor and enable the “Prevent access to 16-bit applications” option in the Computer Configuration\Administrative Templates\Windows Components\Application Compatibility section. The setting won’t interfere with 16-bit application compatibility, but will make it secure for sure.

Windows 3.1, 95, 98, ME, 2000, XP, Vista, Windows 7:

Users will have to create a registry key under:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat
with a DWORD value of VDMDisallowed = 1.

Under Windows XP, to prevent the system from being vulnerable to the exploit, users can place the following text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
"VDMDisallowed"=dword:00000001

into a file called vdmdisallow.reg and double-click the file. Windows will then automatically import the key.
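
To confirm that the registry workaround above is actually in place on a machine, the following PowerShell script is an added example, not part of the original post. The -Enforce switch, the function names and the state labels are made up for this example; only the key path and value name come from the text above.

```powershell
# Added example: audit (and with -Enforce, set) the VDMDisallowed policy value.
# Writing under HKLM requires an elevated PowerShell prompt.
param([switch]$Enforce)   # -Enforce is a hypothetical switch for this example

$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$ValueName = 'VDMDisallowed'

function Get-VdmPolicyState {
    # Returns 'Disallowed', 'Allowed', 'WrongType' or 'NotConfigured'.
    if (-not (Test-Path -Path $KeyPath)) { return 'NotConfigured' }
    $key = Get-Item -Path $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) { return 'NotConfigured' }
    # The fix calls for a DWORD; report any other type separately so a
    # mistyped string value "1" is not mistaken for the workaround.
    if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return 'WrongType'
    }
    if ($key.GetValue($ValueName) -eq 1) { 'Disallowed' } else { 'Allowed' }
}

function Set-VdmPolicyDisallowed {
    # Create the policy key if it does not exist yet.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force overwrites an existing value, including one of the wrong type.
    New-ItemProperty -Path $KeyPath -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

$state = Get-VdmPolicyState
Write-Output "$env:COMPUTERNAME : $ValueName is $state"

if ($Enforce -and $state -ne 'Disallowed') {
    Set-VdmPolicyDisallowed
    $state = Get-VdmPolicyState
    Write-Output "$env:COMPUTERNAME : $ValueName is now $state"
}

# A non-zero exit code lets a login script or inventory tool flag the machine.
if ($state -ne 'Disallowed') { exit 1 }
```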

For more Windows, Open Source, Security, and Tech News, get in touch with @taranfx on Twitter.
